The Viral Threat Doctors Don’t Learn About in Med School

In 2017, the three largest most publicized ransomware outbreaks were all reported within the healthcare industry. With ransomware still dominating the world of cybercrime, healthcare continues to be a particularly attractive target for hackers. The valuable data housed on these networks are ripe for financial gain on the dark web. The resulting breaches of protected health information (PHI)  pose large-scale lawsuits, new compliance mandates, public-facing ethical dilemmas and disruption of patient care.

According to the Healthcare Industry Cybersecurity Task Force (est. 2016 by the U.S Department of Health and Human Services), both large and small healthcare organizations struggle with numerous unsupported legacy systems that cannot easily be replaced (i.e. hardware, software and operating systems), exposing vulnerabilities for hackers to exploit and few modern countermeasures.

Further exacerbating the issue, many providers and staff often assume that the IT network and the devices they support function efficiently and that their level of cybersecurity risk is low. Poor security hygiene in healthcare, partnered with intricate and often outdated systems, lead to the success of ransomware and other cyber attacks.   

How ransomware works — This type of malware is downloaded onto systems when unwitting users visit compromised websites, click malicious links or download/click links in a phishing email. Once your network is infected, it prevents or limits users from accessing their system by locking user screens or files until ransom is paid to the hacker.

How ransomware hurts — In addition to the monetary loss, the aftermath of data collected leads to fraud, identity theft, stolen research and development, stock manipulation and worse yet, risks patient care and well-being.

An affordable and effective countermeasure to mitigate risk, protect PHI and comply with HIPAA mandates is to prioritize cybersecurity with a security awareness training program for all employees and clinicians. Once your (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Jenna Hulbert. Read the original post at: