This week, Hollywood Presbyterian Medical Center paid hackers 40 bitcoins — roughly $17,000 — to restore its electronic medical record system after the hospital’s network was infected with ransomware, a computer virus that encrypts a target’s files, locking the owner out of their own data until a bounty is paid.
For two weeks after the February 5th cyber attack, the hospital had no access to their computer systems. Doctors were forced to communicate by fax, patients had to drive to the hospital to pick up test results in person, and nurses were recording patient information on old-fashioned paper charts. The entire medical center slowed to a crawl, while incredibly sensitive medical information was held hostage by cyber criminals.
Over the course of the past year, healthcare data security has dominated the headlines as a result of several large-scale healthcare data breaches such as the Anthem data breach and the Premera Blue Cross data breach. Hospitals are particularly attractive targets because of the variety of information they possess, including credit card numbers, personally identifiable patient information, and sensitive digitized medical records. In fact, cyber criminals are paid ten times more for a medical record than they are for reselling your credit card number.
Hospitals are finally starting to take notice of the very real threat they face, but they are doing so gradually. (There is nothing gradual about the attackers.) Only 29 percent of medical centers have redirected facility IT spending toward increased security, according to a recent IDC study.
In 2015, the top ten largest healthcare data breaches were categorized as “hacking/IT incidents” and the three largest breaches – Anthem, Premera, and Excellus – affected nearly 100 million individuals.
Of all of the healthcare data breaches in 2015, a massive 98 percent of them were caused by cybersecurity issues, according to a recent Bitglass report. That is a 30% increase over the healthcare data breaches that occurred in 2014.
In addition to the financial costs incurred by a data breach, healthcare providers can find themselves facing the intangible cost of a damaged reputation. Patient trust, which is difficult enough to earn in the first place, is even tougher to rebuild. Discussions between patients and their doctors, which are considered among the most personal and intimate in nature, involve exactly the kind of information patients expect to be kept completely confidential. Once the trust between patients and their care providers is broken, remediation will only go so far to help restore it.
Don’t wait to become a victim before addressing your business’ security needs. Our team of seasoned security experts can provide you with a strategic multi-tiered solution that will mitigate your cybersecurity risks. Be proactive about protecting your data and contact SLPowers today.
Image Source: Ponemon Institute