Posted on Aug 3, 2016
Hospitals are where you go to get healthy, but they are increasingly becoming playgrounds for hackers, owing to weak cyber security measures. A couple of weeks ago, networks of the Hollywood Presbyterian Medical Center, a California-based hospital, were held hostage, reportedly to the tune of 9,000 bitcoin or over $3.6 million.
This isn’t a unique problem. In fact, a Forrester report from late last year predicted that such occurrences would begin happening with increasing regularity. A 2015 blog post writes that the research firm predicted that “2016 will be the year we see ransomware for a medical device or wearable.”
What happened in California isn’t exactly that, but it’s very close and similarly destructive. In this case, hackers gained access to the hospital’s network and locked the employees out via ransomware. This made it impossible for any employees to access the network until the attackers gave the okay. Anyone can fall prey to ransomware by seemingly innocuous tasks like simply downloading an assuming attachment.
But, as predicted by Forrester and highlighted by this saga, healthcare institutions are way behind the cyber security curve. Ethical hackers have proven over the last few years how easy it is to get into a health care network and wreak havoc. One team was in fact able to gain access inside an entire hospital’s network which, writes Kaspersky Lab, gave them “access to pretty much everything inside, including a number of devices for data storage and analysis.” This happened because network infrastructure was not properly set up.
In short, the healthcare industry is beginning to show signs that it’s not properly protected from digital attacks. And the repercussions are myriad: patients lose their privacy, health care businesses lose their data, and institutions are held hostage.
This will hopefully catalyze an industry-wide wakeup call. Healthcare companies deal with terabytes of personal and private information, and our data shows a great need for cyber security improvement.
For instance, according to our numbers,
Undoubtedly all companies wish to keep their data secure, but our findings show some real industry-wide pitfalls. We also looked at individual hospitals, and found similarly poor results.
In only a few minutes of searching, we were able to see a few compliance issues at a hospital in a major city.
In a perfect world, these issues wouldn’t exist. But the next best thing any business can do is check regularly for when problems do arise. The only way to handle the constant barrage of cyber security needs is to always be on the ball. The numbers show a need for greater cyber security awareness in the healthcare space. All of the problems we found were potential ways hackers could capitalize on poor security practices. Our cyber security platform allows customers to plainly see what sort of issues arise, making it possible for a fast response.
In the cyber security space there’s no panacea. But with the right tools, problems can be alleviated in a swift manner. The only way to be ahead of the curve is to integrate solutions that look from the outside in.
Over the next many years we are sure to see more examples of healthcare digital attacks. It’s surely giving a wakeup call to numerous industries that handle private data. At the same time, it’s important to make sure all your bases are covered. Don’t fall prey to the hacked hospital and be forced to pay hackers. Instead, adopt a security-first culture and keep an eye on your cyber security scorecard.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 9 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.