(Lauren Bishop/CDC)

Increasingly Destructive Cyber Attacks on Healthcare Expose 5M Patient Records

Merlin International, a cybersecurity solutions provider for healthcare organizations, in partnership with the Ponemon Institute, a leading IT security research organization, today released the results of its “2018 Impact of Cyber Insecurity on Healthcare Organizations” study. Recognizing that hospitals and payer organizations (healthcare organizations or HCOs) are facing constant, increasingly destructive cyber attacks, this survey examines the myriad of cybersecurity-related challenges and how organizations are (or are not) addressing them. Results show the security stakes are high, with 62 percent of the 627 executives surveyed admitting to experiencing an attack in the past 12 months, and more than half losing patient data as a result.

According to publicly available data, breaches in the last year hit a new all-time high. Of five industries tracked, the Medical/Healthcare industry accounted for more than 23 percent of total breaches in 2017, resulting in the exposure of more than five million patient records. Only the business sector saw more successful attacks, with HCOs following second for the fourth year running.

Among healthcare providers surveyed, the majority set, manage and/or determine IT priorities, budgets and strategy while working at organizations counting between 100-500 patient beds (67 percent) and with an estimated ten thousand to one hundred thousand network connected devices (66 percent). A detailed categorization of survey respondents can be found in the full report.

Notably, organizations surveyed are equally concerned with external attacks (63 percent) as they are with employee negligence or malicious insiders (64 percent). And what are the bad guys after? When asked, respondents highlighted the top five items:

  • Patient medical records (77 percent)
  • Patient billing information (56 percent)
  • Log-in credentials (54 percent)
  • Passwords and other authentication credentials to systems, servers or applications (49 percent)
  • Clinical trial and other research information (45 percent)

Hackers eager to cause chaos, steal or hold data for ransom subject healthcare organizations to all types of attacks. The exploitation of existing software vulnerabilities greater than three months old leads the way at 71 percent, followed closely by Web-borne malware attacks at 69 percent. While the report finds many traditional attack types being used, the rise of ransomware – at 37 percent – should raise alarm as this is a new and lucrative attack vector. Hackers are successfully earning significant income from holding systems and data hostage.

Read more here

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Go to Top