Cybercrime is on the rise, especially in the healthcare industry. According to Cisco, patient data, stored in platforms such as EHRs and medical office software, is particularly lucrative for cybercriminals because it contains information about a victim's identity, such as their social security number, address, insurance provider and so on. Criminals also scout out the data because, unlike bank account fraud, it can take an extensive amount of time before the theft of patient health data is uncovered, providing the perpetrator with plenty of time in which to commit their crime.
Common types of attack
Two of the most common forms of cybercrime that hospitals face are ransomware and phishing crimes. Phishing crimes entail the theft of protected patient data, while ransomware crimes involve a criminal holding valuable data hostage. According to Healthcare IT News, ransomware attacks in particular are very common. The source reported that 75 percent of healthcare organizations across the country have experienced some form of ransomware attack.
New study finds password security is lax
Despite the growing threat of cybercrime, a new study from the University of Pennsylvania has found that healthcare professionals often fail to take password protection seriously, Fierce Health IT reported. The study was composed of interviews with an array of health professionals, from doctors to nurses to chief medical information officers and so on. Researchers found that a number of the professionals failed to take strict measures to protect their passwords. For example, practices such as leaving computers logged in and unattended, and writing passwords on paper and sharing them, were common, Fierce Health IT detailed.
The study found that although most of the health professionals interviewed were aware of the potential security risks of such actions, they continued with them anyway because they saved time and were more efficient. Time and efficiency are especially vital in a medical setting such as a hospital, where life and death decisions are made on a daily basis.
Despite the actions of the hospital staff, most interviewees revealed that they were not held accountable for them and that such behavior was in fact common practice. The disregard of IT security measures by health professionals likely leads to tension with hospital IT staff determined to keep systems as safe as possible.