A new ransomware headline appears every week, a frightening indication of how prevalent such attacks have become. But when Change Healthcare, one of the nation’s largest providers, was hit in February of this year, the impact was severe enough to draw the attention of the US Congress.
While the exposure of patient records in the attack was concerning enough, broader repercussions were even more severe. The disruption extended beyond the data breach, impacting practitioners, pharmacies, insurance companies, and patient care:
- One diabetic patient faced the choice of paying $1,200 out of pocket or going without medical supplies that could risk life-threatening complications.
- Prescriptions and insurance claims were delayed.
- Medical forms had to be filled out by hand instead of electronically.
- Providers could not confirm whether patient care bills were paid.
Since this attack on this particular organization has such a significant ripple effect, lawmakers are now determined to look into solutions to make sure the next attack will not impair hundreds of affiliates because of a “single point of failure.”
Read our CEO’s 24x7 Article About Cyber Threats Against Healthcare Providers
What Makes Healthcare Providers Vulnerable?
Healthcare organizations are a prime target for hackers, and the reason is obvious – when a data breach can put lives at risk, the motivation is stronger for the provider to pay the ransom. That’s what Change Healthcare did – to the tune of $22 million. And that is just a fraction of the company’s financial hit, which could grow to $1.6 billion by the end of the year. Change has also provided over $6 billion in advance funding to support impacted healthcare providers.
Congress may play a role in future health-care sector merger and acquisitions requests, as well as requiring greater cybersecurity controls, but it can do nothing to address to most glaring vulnerability in any organization – its people.
360Civic CEO Ron Zayas described the danger in a recently published article in 24x7, a healthcare technology management publication. He observed how servers have gotten better at fending off ransomware, but every employee in an organization is a potential target for a phishing email capable of delivering a ransomware payload.
Hackers now leverage the huge amounts of personal information available about all of us online, and combine it with artificial intelligence programs (AI) that can customize emails that appear to have been sent from a relative or close friend. They will include details about the recipient’s life and activities that will seem so authentic, they can easily result in someone clicking on a link in the text – and once that happens, they’ve got you.
What Can Be Done?
The best way to avoid these types of successful attacks is to cut off the personal information pipeline that fuels effective phishing. For an organization with thousands of employees that may seem like a daunting task – but with online privacy protection it is one that can be achieved – and at a reasonable cost.
“To address the danger these attacks represent to personnel, patient safety, and professional reputation, as well as the cost of legal and financial liabilities, forward-thinking providers should be exploring preventative and reactive measures as a new standard in strategic, data-compliant business operations,” Zayas writes.
Our new whitepaper, Ransomware and Healthcare Providers: A Prevention and Protection Strategy, addresses the increasing threat of cyberattacks in healthcare. It details the critical role personal information plays in these attacks and outlines effective preventive measures, including enhanced security protocols and employee training, that you can implement in order to start protecting your organization.
Download the Whitepaper Here
Learn what you can do now to protect yourself and your company. It can be done – and with help from an experienced privacy protection provider (yes, that’s us) it’s a lot easier than you might think.
