Cybercrime is becoming increasingly common, with protected patient data in the healthcare sector a major target. Indeed, a recent report from the Herjavec Group predicted that in the next three years, by 2020, the number of healthcare industry ransomware attacks will quadruple. Still, despite the growing issue, the major threat targeting patient healthcare is seemingly not criminals, but insider error. An article from Recode cited a global survey from the International Security Forum, which found that a majority of data breaches, across all industries, are caused by simple mistakes from employees who are not looking to do harm.
A new survey from Protenus, however, has shown a buck in this trend for the first time ever across the healthcare industry. July 2017 was the first recorded month where cybercrime was more responsible for data breaches than insider error. Read on to learn more.
What did the Protenus survey discover?
According to the Protenus investigation, July 2017 witnessed a total of 36 incidents wherein patient data was breached. Of course, this number only accounts for the number of events that were reported, either to a state's Attorney General or the U.S. Department of Health and Human Services. Protenus were only able to gather data for 29 of the 36 incidents.
Researchers found that, for the first time ever, hacking was the leading cause of these breach incidents - it was the reason why 17 of the reported breach events occurred. Five of these events were caused by phishing attacks and a further 10 were due to ransomware. The other incidents were registered as hacking, but a specific cause was not determined.
The most notable breach in terms of the numbers of patient records impacted was a corollary of a ransomware attack, the source noted. In this one incident, some 300,000 patient records were breached.
Perhaps one of the most shocking revelation from the survey, however, was the report of an ongoing data breach incident that remained undetected for a staggering 14 years. This stands in contrast to the average discovery time for breaches, which is around 503 days. According to Healthcare IT News, the incident involved the data for 1,100 patients, and occurred indefinitely for the 14 year period, as a practice worker intentionally looked at patient data without authority to do so. The incident was discovered after a patient complaint was made, highlighting a cybersecurity failure of epic proportions within the organization itself, as the employee was able to get away with his or her behavior for so long.
The researchers involved in the Protenus study stressed that the above incident should serve as a motivation for all healthcare organization to improve and refine their cybersecurity protocols, especially as they pertain to the conduct of employees.
What are the major forms of cybercrime?
Given the concerning finding that cybercrime has outpaced insider error in terms of patient data breaches, it is crucial for all healthcare professionals to be aware of some of the most common forms of cybercrime that target protected patient data. They include:
1. Phishing attacks
As reported by Norton, phishing occurs when cybercriminals send emails claiming to be from a reputable source - for example, a well known company, or the CEO of an organization. The email will then ask for the recipient to hand over confidential information. In some cases the emails may include links that, if clicked, can install malicious malware on the victim's computer, stealing important data.
Microsoft explained how phishing attacks can oftentimes be detected, especially if caution is exercised. Some telltale signs of a potential phishing scam include links in an email, language that is rude, abrupt or threatening and poor grammar. Healthcare workers are encouraged to consider the source of the email and the directives included - if the demand seems unusual or circumspect, professionals should check with the sender to ensure the mail is authentic.
2. Ransomware attacks
Ransomware attacks have similar origins to phishing attacks, in that they typically involve spam email. Criminals will send an email, usually with an attachment or URL link, Tech Target explained, which if clicked, will upload malicious malware onto the victim's computer, stealing important data. A ransom is subsequently demanded from the criminal's for the data's safe return. Ransomware attacks can also be carried out via software app, pop-ups and damaged websites.
Tips for better cybersecurity
There are several important steps that healthcare agencies can take to reduce the risk of a cyberattack. They include:
1. Keeping healthcare infrastructure up to date
As advised by Health Technology Magazine, healthcare organization managers should ensure that the practice IT infrastructure is as up to date as possible at all times. This includes making sure operating systems are updated as well as anti-virus and firewall platforms.
2. Training staff
As outlined earlier, one of the major causes of patient data breaches is insider error. That's why it's important for all practice staff to be trained on cybersecurity best practices, such as never leaving a computer unattended, not accessing protected information on insecure networks and so on. This should include tuition on how to spot potential phishing and ransomware scams, IT expert Dan Konzen explained, writing for the American Journal of Managed Care.
3. Creating a culture of security
It isn't enough to offer a one off cybersecurity training session - the message should be reinforced at all times, Konzen argued. Educational initiatives can include regular company wide meetings, email blasts, and resources that can be readily accessed. Cybersecurity should, in essence, be an organization wide effort, and this can be reinforced by creating a culture wherein cybersecurity in a major concern.
Mitchell Parker, executive director of information security and compliance at IU Health, elaborated on some other effective strategies in a quote to Health Technology Magazine.
"Healthcare organizations can address this issue [cybercrime] by making sure to block any unneeded services (file sharing, web services, etc.), utilizing multifactor authentication for remote access to resources, and most importantly, keeping up to date with current operating systems and patches," he explained.
Health Technology Magazine explained how, despite the increase in cyberattacks, there are encouraging signs that the healthcare sector as a whole is becoming more aware of the threats posed by cybercriminals and are a stepping up their cybersecurity initiatives as a result.