Upcoming events

  • No upcoming events

Latest ISLF News

Menu
Log in

Information Security Leadership Forum Interational

A Community of Today and Tomorrow's Leaders

Hackers Targeting Healthcare Companies

Thursday, February 02, 2023 3:50 PM | Timothy Phillips (Administrator)

With the explosive growth of internet connected medical devices, hackers are targeting healthcare companies. As a result the industry and companies in it are quickly becoming a high priority target for hackers and ransomware attacks.  In 2020, according to industry statistics, healthcare companies experienced a 71% increase in security breaches and incidents and a 45% increase in ransomware attacks.  Overall, more than 1 in 3 health care companies reported being the victim of a ransomware attack. 

It’s no surprise that personal information is regularly bought and sold on the dark web.  Industry experts identified the average selling price for personal information, such as social security numbers sold for about fifty cents, while a health care record sold for over $250. Given that math, it is apparent why a database of client records might be more valuable to a hacker selling on the black market over your social security number.

Hackers are also finding that hospitals are more likely to pay ransoms because they cannot afford to be unable to operate for even a few hours.  They’re also finding many entry points into hospital systems through internet connected medical devices.  In the US, there can be anywhere from 10-15 internet connected devices per hospital bed, meaning hackers have multiple modes of attack. 

The large number of Internet connected devices also puts patients at risk.  Just a few years ago, Abbot Laboratories was forced to recall some 500,000 pacemakers due to security vulnerabilities. 

What Does This Mean? 

Despite HIPAA and HITECT regulations, healthcare companies continue to be challenged with implementing sound and holistic security.  This includes everything from major hospitals to local doctor’s offices.  No healthcare company is too small a target for hackers. 

It also means that governments should be stepping up their cybersecurity rules and regulations for partner healthcare companies. 

If you’re a health care company, you should be looking to upgrade your security posture in order to protect not only Protected Health Information (PHI), but also the lives of those patients. 

Questions for You!

What are your thought on this topic?

Do you have any special insights on this topic that you'd like to share?

What needs to happen and by whom for this to be in our past?

If you have thoughts on any of these questions or other relevant and related ones, please leave a comment in the comment section below. Please note to keep our environment clean and free of advertisments of any kind, comments may not include external links, citing company names to promote them, or the like.