The cyberwar against health care practices
While physicians worked to deal with COVID-19, hackers kept busy, too. From January through October of last year, there were 730 publicly disclosed security breaches with more than 22 billion records exposed, according to the cybersecurity firm Tenable. Health care made up 25% of those breaches with nearly 8 million records exposed.
Ransomware was by far the most popular attack method in 2020, making up 46% of the breaches. Ransomware is a malware that encrypts and locks your data making it inaccessible unless a ransom fee is paid to get it back. Success in extorting ransom payouts has made ransomware the top cybersecurity threat in the near future. The University Hospital in New Jersey paid out $670,000 only to encourage further attacks. And while larger institutions can pay those ransoms, that does not mean they overlook smaller practices, which can be tempting targets of opportunity — particularly those with lax security. The dark web are run by these threat groups, and data from doctors’ offices show patient information, including photographs, health history forms and other private details. Avoid HIPAA Penalties and Fines resulting from:
Ransomware may constitute the biggest threat to most practices, but it is far from the only one. As regulators require more patient access to data, payers interchange more data with providers, and services like telehealth grow in popularity, increases in the number of connected devices will make practices more vulnerable to hackers.
Experts say that the pandemic has created many new threats to a practice because people are working from home. Hackers may use COVID-19 information as the lure for office staffers to click on links that install malware. Emails are made to look like they are from health departments offering the latest on vaccine distribution or other vital information. In other cases, hackers exploit a weak point of the worker’s computer.
Hackers are opportunists and will often target the practice or facility with the lowest level of security. Instead of trying to spend weeks or months trying to get into a hospital, they can target smaller medical practices with weak cybersecurity in a couple hours. It adds up too, if a hacker hits multiple smaller practices they can walk away with more money instead of trying to extort a large healthcare organization that will bring in the law enforcement and government agencies.
Data security laws can vary with location. Cybernon assists your firm to understand the legal responsibilities in the event of a breach.
Breaches of Unsecured Protected Health Information affecting 500 or more individuals. View a list of these breaches.
Don’t be Next! Save yourself the headache. Contact us today to ensure your medical office is safe.
Get a 30 Day Free Trial of Cybernon’s Services.