Dive Brief:
- Healthcare organizations will be the No. 1 target of cyberattacks in 2017, a new report by global information services group Experian predicts.
- Within healthcare, the primary target will be electronic health records as perso
- nal medical information has a profitable market on the dark net.
- Meanwhile, a report released Monday by Tenable Network Security gives the healthcare industry a "D" for overall performance on cybersecurity, down from a "C" a year ago.
Dive Insight:
EHRs’ portability and multiple access points make them particularly vulnerable to hacking, and a single outdated or compromised system can lead to a breach, the Experian report says. And as more healthcare institutions utilize new mobile applications, these could introduce new vulnerabilities that attract cyber criminals.
Experian also warns that “aftershock” password breaches will continue long after an initial attack. To protect against this, companies should adopt two-factor authentication to verify users, the report recommends.
“Ransomware presents an easier and safer way for hackers to cash out; given the potential disruption to a company, most organizations will opt to simply pay the ransom,” according to the 2017 Data Breach Industry Forecast. “This has unintended consequences of funding more research and development by attackers who will in turn develop more sophisticated and targeted attacks.”
Tenable’s report card not only gave healthcare a "D" for overall cybersecurity, but also a "C" for security assurance and an "F" for risk assessment. Yet only one of the seven industries included in the report received a higher overall score than "C-" - the retail industry with a "C."
Cyber and ransomware attacks hit a number of hospitals and health systems this year, including Hollywood Presbyterian Medical Center, Maryland-based MedStar and Banner Health. To understand the vulnerabilities a system faces, hospital chief information security officers should create a realistic roadmap of potential weak spots and regularly reassess those to see if any have risen in priority and warrant immediate action, Todd Inskeep, a principal at Booz Allen Hamilton, told Healthcare Dive earlier this year.