By Brian Bobo, chief digital officer, Greenway Health.
Healthcare ransomware attacks have become more common in recent years, and in many cases, caused considerable damage. At least 148 U.S. healthcare organizations fell victim to a ransomware attack in 2021, the most attacked industry, according to a March 2022 HIPAA Journal report.
With increasing threats from overseas, growing cybercriminal organizations, and the COVID-19 pandemic, it’s no surprise a sharp rise in breaches and healthcare ransomware attacks has occurred across the healthcare ecosystem.
As the situation grows more volatile, it’s vital to understand why threats like breaches and healthcare ransomware attacks exist and ways ambulatory practices can work to reduce cybersecurity risks.
The Most Valuable Record
It’s not just because the patient health information (PHI) the record contains that makes it valuable to cybercriminals, but the other information that accompanies PHI, such as addresses, birth dates, social security numbers, and even more obscure data such as insurance policy numbers, all of which someone can use to impersonate patients and commit identity theft.
With this stolen information, a cybercriminal can more easily steal someone’s identity because they now know important information no one else does. It’s what makes health records so valuable — not always the record itself, but what can be done with the information.
The average healthcare industry breach is so expensive because of the costs of remediation, recovery legal actions, and regulatory fines. In 2021, the average cost of a healthcare breach was $9.23 million, up 29.5% from $7.13 million the previous year, according to IBM Cost of a Data Breach Report 2021.
Taking it a step further, by failing to keep patient records private, an ambulatory practice could face substantial penalties under HIPAA’s Privacy and Security Rules, cause potential harm to its reputation, and patient safety can be severely impacted. A hacker’s access to private patient data not only opens the door to steal information but they can possibly even alter the data — severely impacting patient health and outcomes.