Healthcare is in poor shape when it comes to cybersecurity.
Cybersecurity Ventures predicts that the healthcare industry will spend $65 billion cumulatively over five years, from 2017 to 2021, on cybersecurity products and services. But after paying all those bills, many hospitals will not pass their cyber physicals.
“What does it mean if we spend that kind of money, and cybercrime still increases?” asks Scott Augenbaum, retired FBI Cyber Division supervisory special agent. He’s referring to the $6 trillion in cybercrime damage costs that the world is expected to incur by 2021, up from $3 trillion in 2015. Healthcare, one of the most cyber-attacked industries, is taking a big hit.
Healthcare cyberattacks are becoming more common and more expensive, despite the fact that they already account for extraordinary damages to medical systems, according to “The Future of Cybersecurity in Healthcare,” published by CyberMaxx, a cybersecurity firm providing its services to more than 300 healthcare providers, including four of the top 10 hospital systems in the U.S.
The CyberMaxx report, which features Augenbaum alongside a dozen industry experts and practitioners, states that as we head into the 2020s, healthcare cybersecurity professionals must work faster — and smarter than ever — to prevent, detect, and respond to attacks.
Taking Healthcare’s Temperature
To build on the CyberMaxx report, the editors at Cybercrime Magazine have compiled 15 of the latest facts, figures, predictions, and statistics, from various sources, to provide our readers with a synopsis of healthcare and cybersecurity.
1. Healthcare suffered 2-3X more cyberattacks in 2019 than the average amount for other industries, according to data in the Cisco/Cybersecurity Ventures Cybersecurity Almanac. Woefully inadequate security practices, weak and shared passwords, plus vulnerabilities in code expose hospitals to perpetrators intent on hacking treasure troves of patient data.
2. The Department of Health and Human Services’ (HHS) Office for Civil Rights’ (OCR) breach portal reports that healthcare data breaches increased by 196 percent from 2018 to 2019, and that last year there were more data breaches reported than any other year in history. Texas topped the charts with more than 60 breaches reported, followed by California with 42, Illinois with 26, and New York and Ohio with 25 apiece.
3. More than 41 million patient records were breached in 2019, triple the number reported in 2018, according to the 2020 Breach Barometer published by Protenus, which states that for hospitals and health systems, data compromises lead to regulatory penalties and financial costs, along with the loss of patient trust and bad publicity.
4. Personal health information is 50 times more valuable on the black market than financial information, and stolen patient health records can fetch upwards of $60 per record (which is 10-20 times more than credit card information). Medical records often contain a complete identity: name, date of birth, Social Security number and medical information — which can be used to establish a fake identity, open a credit account, or to bill fraudulently for medical procedures.
5. The 2019 HIMSS Cybersecurity Survey states that phishing scams and other forms of email fraud are the most common point of information compromise in the healthcare vertical. The survey asked healthcare providers about their organizations’ email phishing test results, and remarkably 18 percent of respondents stated their organization did NOT conduct phishing tests. And 36 percent of non-acute care organizations do NOT conduct phishing tests at all.
6. Ransomware attacks on healthcare organizations were predicted to quadruple between 2017 and 2020, and to grow to 5X by 2021, according to a report from Cybersecurity Ventures. 91 percent of cyberattacks (on all types of organizations) begin with spear-phishing emails, which are commonly used to infect hospitals and healthcare providers with ransomware.
7. Ransomware incidents accounted for more than 70 percent of all malware outbreaks in the healthcare vertical for the last year tracked, according to the 2019 Verizon Data Breach Investigations Report (DBIR), which produces results based on a data set collected from a variety of sources such as publicly-disclosed security incidents, cases provided by the Verizon Threat Research Advisory Center (VTRAC) investigators, and by their external collaborators.
8. After ransomware attacks and data breaches, as many as 36 additional deaths per 10,000 heart attacks occurred annually at hundreds of hospitals, according to a new study featured on PBS News Hour. Heart attacks rank among the most common medical emergencies in the U.S., with approximately 735,000 Americans experiencing one every year.
9. Verizon’s 2019 DBIR also found…