
The Hack on the Healthcare Industry

By Del Peñano
Feb 15, 2017

The healthcare industry is expected to be a top target for cyberattacks in 2017, according to Experian's 2017 Data Breach Industry Forecast report.

Imagine how much of our personal information is contained in our health records. Typically, records include medical history, social security numbers, date of birth, etc. If a data breach were to occur, all of this information could be exposed to cyber thieves, who could use it to steal our identities.

Another example is when clinics or hospitals need to access your Electronic Medical Records (EMR) but cyber thieves have “encrypted” your data, preventing access to needed medical records prior to a surgery or procedure. In many instances, due to ransomware, you cannot regain access to the data unless a “ransom” is paid. This is not a scenario that health care professionals want to experience. More recently, in Minnesota, a dental practice had its patients’ data held hostage; hackers demanded $1600 in Bitcoins, and the doctor paid up so he could gain access to his server.

These cyber thieves know the value of our “data,” and even now there are still medical offices learning to move from paper to EMR (Electronic Medical Records). In fact, according to security experts, healthcare records that hold sensitive and personal data are 100 times more valuable than stolen credit cards.

I know it sounds repetitive since we hear so much about ransomware; however, this method of attack will continue to be a means of extorting cash (bitcoins) from victims. The healthcare industry, along with many other industries such as financial services and real estate, needs to take extra precautions and have proper security measures in place. Here are a few data security best practices to implement to protect your business:

  1. Good password management.
  2. Minimize storage of sensitive information, unless it is properly protected and encrypted.
  3. Do not reveal your passwords or click unknown attachments/links in phishing emails.
  4. Make sure your computer is protected with anti-virus/malware software or have a unified threat management solution in place such as Jungle Disk’s Network Threat Protection.
  5. Implement two-factor authentication to make it harder for attackers to gain access to your devices, data and online accounts.
  6. Back up your data on local, external hard drives (placed in a secured location) and implement encrypted cloud backups so that you can readily access it in case of catastrophe or if your system has been compromised.

The healthcare industry needs to implement security measures not only to protect its sensitive data, but also to protect its network from intrusion, malware, ransomware, DDoS attacks, etc. Whether you’re a hospital, clinic, general practitioner or dentist, it’s of utmost importance to make sure you’re protecting your patients’ most critical data and medical records.