Tag: spearphishing

3 Ways Healthcare Organizations Should Protect Patient Data and Earn Back Trust

By Dena Bauckman, vice president of product management, Zix.

Dena Bauckman, CISSP
Dena Bauckman

When you go to the hospital, you want to be under the care of the best personnel and state-of-the-art technology. It’s easy to assume that’s the case when you’re surrounded by astronomically expensive devices like MRI machines, CT scanners, and surgical robots.

Behind the scenes, however, systems might not be on the cutting edge. According to a report from the Institute of Global Health Innovation at the Imperial College of London, the National Health Service is plagued by inadequate cyber defenses that could put the service system’s patients at risk. The picture isn’t any rosier on this side of the Atlantic Ocean. In September 2019 alone, just shy of 2 million records were breached in American healthcare hacks.

Antiquated computers, insufficient funding, and a lack of necessary expertise in cybersecurity are all combining to create a dangerous situation in healthcare. Sensitive as patient data may be, its theft isn’t even the biggest risk. “A cyberattack on a hospital’s computer system can leave medical staff unable to access important patient details — such as blood test results or X-rays, meaning they are unable to offer appropriate and timely care,” one of the aforementioned report’s authors wrote. “It can also prevent life-saving medical equipment or devices from working properly.”

A Typical Diagnosis

Despite the plethora of healthcare cybersecurity breaches in the headlines, most organizations still aren’t prepared to defend themselves against the latest generation of cyber threats. That’s no surprise because the number of threats they must contend with is increasing each day. In order to provide the best care possible, healthcare organizations must also collect some of the most valuable data available to enterprising cybercriminals.

Birthdays, Social Security numbers, payment information, and health records all add up to an identity theft gold mine. Once they have the information, hackers can steal even more with targeted phishing campaigns (a practice called spearphishing) that are almost impossible for the average user to detect. If all else fails, the granular detail associated with healthcare information means that the data can fetch a large sum on the dark web — especially when records are stolen by the millions.

As healthcare organizations adopt exciting new technologies, the problem only becomes worse. Those new technologies come with new vulnerabilities, some of which won’t be discovered until they’ve caused a breach. With so many digital devices (including those owned by employees) being used to access, store, and transmit sensitive data, it’s no wonder hackers are having an easy time finding an entry point.

Continue Reading