Healthcare companies are one of the biggest industry targets for hackers. In 2020, healthcare businesses suffered a 71% increase in security breaches/incidents, according to the Verizon DBIR (Data Breach Investigations Report). This trend has been going on for a while, and all indications suggest that it will continue into the future. Here are a few reasons why healthcare companies are a favourite target for cybercriminals:
The data you hold is valuable
Personal health information (PHI) is one of the most profitable types of information that can be sold on the dark web; in many cases it's even more valuable than financial information. The 2018 Trustwave Global Security Report looked at the prices of multiple types of information sold on the dark web. It found that a social security number would sell for $0.53 and payment card information for $5.40, while the healthcare record for one person would sell for an average of $250.15. The difference in price alone is enough to encourage hackers to target PHI over other types of information, but there is another important benefit: PHI has a much longer shelf life than other types of personal information. For example, if someone's credit card information is stolen, they can spot false transactions fairly easily, report them to their bank/financial provider and have the card deactivated quickly. With PHI, however, it can be much more difficult to identify when the information has been leaked and when it's being used by a hacker. This means the cybercriminal can engage in fraud and other criminal behaviour for much longer and more easily.
Secondly, ransomware attacks against hospitals have a higher payout ratio than attacks against other types of businesses, due to the nature of the business. Hospitals and other healthcare providers can't afford to be unable to operate for months, weeks, days or, in some cases, even hours if they are caring for critical patients. This makes them one of the most likely types of business to pay a ransom. In 2020, more than 1 in 3 healthcare organizations globally reported being hit by a ransomware attack. Since November 2020 there has been a 45% increase in the number of ransomware attacks targeting the healthcare industry.
Lastly, the number of internet-connected medical devices gives hackers many points of entry into the company, which can be very encouraging for them. There are approximately 10-15 connected devices per hospital bed in the United States, which means a huge attack surface for a potential hacker. It also means that not only healthcare companies but individual patients can be targeted. One example of this was when over 465,000 pacemakers from Abbott were recalled by the US Food and Drug Administration due to a vulnerability that would allow hackers to remotely disable the device.
Overall, healthcare companies represent a big opportunity for hackers, and we can expect hackers to continue to target them on a regular basis. This is why it's important for healthcare companies to invest in cybersecurity.