What is a cyberattack, first of all? In simple terms, a cyberattack is a deliberate and malicious attempt by an individual, a group or even an organization to breach one or more computers or networks belonging to another individual or organization. Cyberattacks can either disable the target computers and networks or gain access to their data and admin privileges.
Breaches to steal personal health information (PHI) are hot these days on the black market. Whereas credit card information and personal health information sell for $1 to $2, PHI can sell for as much as $363, according to the Infosec Institute. The average cost of a data breach for non-healthcare companies, per stolen record, is $158. For healthcare organizations, the cost is approximately $355 per record.
The healthcare industry is plagued by many different types of cybersecurity threats. Here are some of the most rampant.
Malware, Ransomware and Spyware
Malware is malicious software, often delivered through a suspicious email or link, that can harm an organization’s data. It gains access to the organization’s systems when someone clicks on such an email or link. Once an employee clicks, the malware can steal the organization’s data, delete it, or misuse sensitive information. It can also block access to critical applications or files.
Ransomware, a type of malware, is designed to lock and encrypt user or server files and devices, then demand a ransom within a short period of time in exchange for restoring access. In a nutshell, ransomware holds files, pictures, and personal and financial information hostage. Unfortunately, paying the ransom does not guarantee that access will be restored. Ransomware attacks jumped 45 percent, more than double the rate in other industries, during the first 10 months of 2020 alone.
Spyware, yet another type of malware, infiltrates devices to gather information about an individual or organization. Spyware is meant to monitor and report activity to a third party for subsequent nefarious activities.
Phishing and Spear Phishing
Phishing is a cyberattack during which your employees are contacted by email, text message or telephone by someone posing as a legitimate professional or institution to lure them into giving up sensitive information, such as passwords, banking and credit card details, and all types of personally identifiable information.
Spear phishing is the same as phishing, except that it is targeted at specific individuals, groups and organizations. Spear phishing messages are often more convincingly written and are much more difficult to detect. That is why, with the rise of remote healthcare professionals and reduced cybersecurity precautions, spear phishing has become the cyberattack of choice. In fact, 95% of all attacks that target enterprise networks are caused by spear phishing.
Distributed Denial of Service Attacks
A distributed denial of service (DDoS) attack is a malicious attempt to disrupt a targeted server, service, network or IoT device by overwhelming it with a flood of Internet traffic. These attacks are meant to exhaust resources and bandwidth. A DDoS attack can prevent healthcare professionals from accessing the networks or equipment they need to provide proper patient care, or from using information that is critical to their jobs.
Boston Children’s Hospital was the victim of a devastating DDoS attack in 2014. The attack, conducted by hacker group Anonymous, was to protest the treatment of a patient based on her diagnoses and custody between parents. The hospital, along with other partners, including Harvard University and all of its hospitals, lost access to their networks and the Internet. Boston Children’s Hospital ended up spending more than US $300,000 to respond to the attack and reduce the damage it caused.
DDoS attacks, and other threats, including botnets and remote code execution, have also been on the rise. Imperva recently reported a 372% increase in DDoS and bad bot traffic to healthcare organizations since the end of 2020 alone.