Healthcare Hacks Soar To 41%, Now Most Targeted Industry

May 10, 2019

The healthcare industry has long been one of the sectors most targeted by hackers. According to startling statistics in the Beazley 2019 Breach Briefing, healthcare now makes up 41% of overall hacks, making it the #1 most-hacked industry. The financial sector came in second with 20% of all hacks, followed by education with 10%. The report finds that the value in stealing healthcare data is that it provides ongoing income for hackers who sell and resell patient PHI (Personal Health Information), including Social Security numbers, on the Dark Web. The report looks in more detail at some of the most significant attack methods used against healthcare and the reasons behind them.

- 31% of healthcare data breaches are caused by employees unintentionally disclosing PHI

It’s not unusual for employees to make mistakes when sharing information. In the case of healthcare, however, the stakes are much higher when PHI ends up in the wrong hands. Hackers also know that employees make errors, and they do whatever they can to facilitate those mistakes.

- 22% of all healthcare hacks involved Business Email Compromise (BEC)

Beazley reports that BEC hacks increased 133% between 2017 and 2018. This method is preferred in hacks against healthcare institutions because employees have direct access to PHI. Spam and phishing emails are a hacker favorite, with spear phishing attacks being the most effective. The emails often include malware attachments and fake links, all designed to get PHI.

- 34% of attacks involved ransomware

Ransomware is perhaps the biggest foe of healthcare everywhere. Hackers who are intent on making money from holding PHI and entire healthcare systems hostage know how critical that data is. Ransomware is often planted through BEC emails. Holding hospital data hostage puts patients and lives at risk, and hackers count on that to get ransoms paid, and fast! When lives are on the line, they know victims are more likely to pay up to restore their systems to working order.

- Protect your PHI

With healthcare now the #1 hacking target, protecting PHI is the responsibility of both individuals and healthcare providers. There are ways individuals can help keep their PHI private, and keeping your PHI to yourself is a great start. Be aware of others around you when discussing your PHI, including when speaking with your pharmacist or doctor. Always check healthcare statements and immediately contact your provider if you have any questions, because fraudulent charges can happen with stolen PHI.

Stickley on Security
Published May 9, 2019