The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty clinics.
There seems to be a clear trend in attacks against the healthcare industry, and that trend includes targeting smaller healthcare companies and clinics.
Healthcare Cyberattacks in Numbers
The healthcare industry is a prime target for cyberattacks, with hundreds of network and data breaches recorded in 2022 already. Some of the statistics and trends regarding cyberattacks on healthcare companies include:
- During a peak period of healthcare-related cyberattacks, the industry was subjected to 393 breaches in the second half of 2020.
- In the first half of 2022, the sector recorded 324 data breaches, affecting over twenty million people.
- Smaller organizations are now seeing the brunt of cybercriminal activity. Most attacks have been targeted toward healthcare providers (73% of attacks), business associates/data handlers (15%), and health plan organizations (12%).
- Electronic Health Record (EHR) attacks accounted for 8% of breaches in the first half of 2022, increasing from 0% in the first half of 2020.
- Network server vulnerabilities remain the primary target, with 57% of attacks targeting them. However, this represents a decrease of 10% when compared to the first half of 2021.
Examples of Recent Cyberattacks on Small Healthcare Businesses
Recently, cybercriminals targeted Eye Care Leaders, which provides EHR and practice management systems for eye care businesses. This breach resulted in over two million patient records being exposed.
Other high-profile attacks involved Practice Resources (a revenue cycle management vendor), OneTouchPoint (printing services), and Professional Financial Company (an accounts receivable firm). Together, these three attacks resulted in the data of almost four million individuals being illegally accessed.
Why Do Cybercriminals Target the Healthcare Sector?
Here are eight main reasons cybercriminals target the health sector:
- Patient details are valuable - Confidential patient data can be worth a lot of money to cybercriminals who can easily sell it so it can be used for fraudulent activity.
- The attack surface is large - The number of vulnerable entry points for attackers in healthcare organizations is plentiful. This is due to a large number of connected devices, such as X-Ray machines and monitoring equipment that lack the necessary security.
- Remote staff - Many staff members within the healthcare sector need to access data remotely as they mostly work outside the office. This gives malicious actors more opportunities to gain access to a network.
- Processes are rarely updated - As health professionals are extremely busy, processes are rarely changed to avoid disruption. This can result in security holes whenever new technology or applications are added to a network.
- A lack of security training - Healthcare organizations rarely educate staff members about online security risks, and many employees lack the training needed to prevent their credentials from being compromised.
- Healthcare information needs to be shared easily - Staff members need to obtain patient information quickly and easily so care can be administered urgently if required. This means that healthcare data can be shared numerous times a day, and it has very little protection.
- Smaller organizations invest little in online security - Many smaller organizations within the sector work on a tight budget, and online security is one area of the business that receives minimal funding.
- Outdated technology - A hesitancy to update IT systems due to the fear of disruption means that many healthcare networks are made up of outdated devices and software. Any software that is no longer supported presents a golden opportunity for cybercriminals.
What Types of Cyberattacks Are Most Common?
Many cyberattacks involve ransomware, or unauthorized access to IT networks. However, new scams are also being developed that target specific medical workers. One such scam involves attackers impersonating law enforcement agents and government officials.
By impersonating officials, the attacker hopes to acquire personally identifiable information (PII). This can be achieved by spoofing real names, phone numbers, and credentials to inform the victim that they have been subpoenaed to provide a witness statement in court.
The victim is then ordered to pay a fine, with scare tactics used to ensure it is paid quickly. Common scare tactics include issuing threats that a person’s medical license may be revoked or convincing them that they could be arrested. If successful, the attacker can gain personal security information and financial details over the phone, which could then be used to attempt access on a secured network.
Although not exactly a cyberattack, chargeback fraud contributes greatly to the losses healthcare businesses have incurred in recent years. With more than 80% of all chargebacks being fraudulent, healthcare companies must invest in high-tech solutions, such as identity authentication tools, to combat chargeback scams.
The Shift From Large Hospitals to Smaller Healthcare Companies
It is clear that the healthcare industry is a lucrative market for cybercriminals, but why the obvious retargeting of attacks toward smaller healthcare organizations?
This is mainly because smaller businesses do not have the cybersecurity needed to protect themselves, whereas larger organizations commit significant resources to protecting their networks. Many of these smaller organizations work under tight financial constraints, meaning they are unable to designate enough resources for their online security requirements, despite holding valuable information on their systems.
If you manage a small healthcare company and don’t think you’re adequately protected, look for IT solutions that come with crucial features such as HIPAA-compliant devices, networks, and servers; point-of-care devices; and Telehealth or remote healthcare support.
Although data breaches in the healthcare sector have declined over the last 12 months, the concern is that there is a clear trend of widely used, systemic technology being targeted. Cybercrime experts expect this trend to continue for the remainder of 2022.
Cyberattacks on the healthcare industry have declined in recent years. However, a clear trend has developed where smaller healthcare businesses and specialty clinics are now the most common victims.
This is because many smaller organizations lack the necessary cybersecurity to identify vulnerabilities and protect against modern attacks. Until this issue is resolved, this trend will likely continue, putting millions of individuals’ data at risk.
About the Author:
Gary Stevens is an IT specialist who is a part-time Ethereum dev working on open source projects for both QTUM and Loopring. He’s also a part-time blogger at Privacy Australia, where he discusses online safety and privacy.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.