Healthcare sector faces cyber-pandemic
Ransomware and information theft
Data managed within the healthcare sector is highly sensitive and contains large amounts of personal information. In the wrong hands this information can be used as a master key to carry out targeted attacks. For cyber criminals this is a lucrative business as this kind of data will fetch a high price on the black market.
According to IBM, the healthcare sector ranked top of its list, with the most security attacks in 2015. Attacks continue to plague the sector, causing the shutdown of hospitals whose data has been encrypted by cybercriminals. The Ponemon Institute recorded a 125% increase in such information theft over the past five years.
Technology has made the digitisation of health records possible, making it easier to manage patients’ records and treatments. That said, without proper procedures and protection in place, it is also easier for cybercriminals to access the data.
Analysis by PandaLabs has demonstrated how these attacks have escalated from specific to large-scale cases. For the health insurance provider Anthem, the digitisation of health records without maintaining proper security led to the loss of 80 million client records. Those records included the social security numbers of clients, among other sensitive information.
How can these attacks be avoided?
Although many organisations resort to paying the ransom, it is important to note that payment does not guarantee that stolen documents or information will be returned. In many cases, payment of the ransom did not end with the safe return of the encrypted documents.
PandaLabs has the following recommendations on how you can avoid a cyber-pandemic:
- Ensure you have a cyber-security framework incorporating advanced protection with detection, containment and remediation features.
- Take control. The common thread in these attacks is a lack of control. In order to take control of your network you need to employ a cyber-security solution that is capable of controlling all running processes across your network.
- Revise staff policies and control systems in order to adjust the privacy requirements in line with new technology.
- Run updates. Keep operating systems and company devices updated.