• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

The Reality of Ransomware Attacks: Are Healthcare Providers Truly Prepared?

by Erica Garvin 11/08/2016 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

 

kim-lee-jdHIMSS’ Director of Privacy and Security Lee Kim, explains why now is the time for healthcare to get serious on preperation to tackle ransomware attacks.

 

 

 

Healthcare data hacked into and virtually held hostage? It may sound like the stuff of science fiction, but it’s a true story told repeatedly and increasingly both in the U.S. and abroad. Today, ransomware and cyber-attacks in healthcare are beyond real, and so are the costly consequences. According to HIMSS’ Lee Kim, now is the time to tighten up your security—or say goodbye to your bitcoins.

 

“It’s a threat that cannot be ignored,” said Kim, director of privacy and security at HIMSS. “Healthcare organizations need to address ransomware and other malware in their risk assessments. Additionally, adopting new and more technology can mean a larger attack surface and thus more opportunity for cyber-attacks to occur.”

 

Last year, cybercriminals attacked the healthcare industry at a higher rate than any other sector; more than 100 million records were compromised. Additionally, the sector’s data breaches are getting bigger—with five of the eight largest health data breaches reported since 2010 occurring in the first six months of 2015, according IBM’s 2015 Cost of a Data Breach study.

 

Healthcare data has become a fast favorite for cyber thieves, because the industry has been traditionally behind the bell curve when it comes to technology adoption. As a result, the industry has greater vulnerability than industries with more mature technical infrastructure. Even more enticing is the fact that health data is rife with information that can be used for medical identity theft and fraud. The swift proliferation of mobile devices, applications and wearables is creating even more opportunities for data breaches to occur.

 

Ransomware is quickly becoming a popular method of attack, with quite a few hospitals ponying up the cash to restore their files. According to the report McAfee Labs Threats Report: September 2016, hospitals have paid nearly $100,000 to a specific bitcoin account. The actor (it could be a single actor but most likely a group) has apparently received $121 million in ransomware (189,813 bitcoin), targeting various industries.

 

It’s not as if health organizations are not aware of such virtual threats. According to HIMSS 2016 Cybersecurity Survey (which focused on the responses from 150 information security leaders within acute and non-acute healthcare settings), more than 85 percent of respondents reported having cybersecurity efforts as a business priority; however, the findings also revealed more progress needs to be made. Several barriers were cited in the survey as stagnating such progress, including lack of appropriate cybersecurity personnel (58 percent acute, 62 percent non-acute) and lack of financial resources (50 percent acute, 71 percent non-acute).

 

Cultivating a Secure Culture

 

Despite those barriers, how can health organizations approach the issue of cybersecurity effectively? According to Kim, focus your resources and time on risk assessment and build from there. “Use a whole organization approach for cybersecurity to remove the barriers,” she said. “Change the culture in your organization, so that cybersecurity is not perceived as a barrier. Keep your people, processes, and technology up to date to deal with today’s and tomorrow’s threats.”

 

The important thing to remember is that your approach to cybersecurity must continue to evolve along with your organization. Before any new software component is expected to go live, for example, it’s essential to conduct the proper testing to ensure it does not break the production environment; in the context of a hospital setting, a break in the production environment can mean a risk to patient safety or crippling a critical business function.

 

As for organizations that may be enacting or maintaining bring your own device (BYOD) policies, Kim says do your homework on what you can do to tighten up your policies. Dealing with third party devices, especially mobile devices, increase the potential attack service; mobile applications can leak data, operating systems can be exploited and even eavesdropping is a valid concern.

 

 “Seek out legal counsel to determine what you can and what you cannot do with BYOD before you have such a program in place,” said Kim. “Ask your legal counsel about mobile device management solutions and what security policies may be enforced.”

 

As digital innovations become more infused with healthcare delivery practices worldwide, cyber threats will only continue to grow. According to Kim, there is no silver bullet when it comes to effective cybersecurity. However, to stay effective when it comes to thwarting off potential threats, it’s essential for organizations to keep evolving their approach to them.

 

“More technology means more vulnerabilities that can be exploited,” she said. “When new technology is adopted, you may want to revisit your organization’s risk assessment and determine whether and how to address any new risks introduced by the new technology. In other words, you need to regularly assess risks—whether in the face of new technology or new threats.”

 

 

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: ansomware Attacks, cyber security, Healthcare Data Breach, Healthcare Data Breaches

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Kinetik CEO Sufian Chowdhury on Fighting NEMT Fraud & Waste

Most-Read

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

'Cranky Index' Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

‘Cranky Index’ Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

5 Ways New Trump Administration Tariffs Are Impacting U.S. Healthcare Now

5 Ways Trump Administration Tariffs Are Impacting U.S. Healthcare Now

iCAD, GE HealthCare Integrate to Advance Breast Cancer Detection with AI

RadNet to Acquire iCAD for $103M in All-Stock Transaction

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |