Health Information Exchange Featured Article

November 05, 2012

Healthcare Industry Susceptible to Cyberattacks, According to Study

A new study from Verizon has revealed a surprising victim of cyberattacks: the healthcare industry. In its 2012 and 2011 Data Breach Investigations Reports (DBIR), Verizon based its findings on 855 data breaches, which resulted in over 174 million compromised records.

Among the study's findings: outpatient facilities had the most attacks to contend with, most attacks focused on point-of-sale systems in order to gain access to payment data, and the attacks typically involved malware or hacking. According to a statement from KnowBe4, there is a “distinctive pattern” to the cyberattacks: a seemingly harmless targeted e-mail is sent to the company’s accountant or comptroller, containing an attachment or link with malicious software that gives cybercriminals the information they need to begin authorizing a series of wire transfers from online bank accounts.

KnowBe4 has developed a Web-based training program with security consultant Kevin Mitnick, referred to as the “World’s Most-Wanted Hacker”, which involves demonstration videos, case studies, and short tests. The Kevin Mitnick Security Training program is an important one; according to Stu Sjouwerman, cybercrime expert and founder and CEO of KnowBe4, “For most industries, healthcare included, their greatest susceptibility is well-meaning employees who just haven’t been trained to recognize and avoid phony e-mails.”

While these concerns are important for all industries, they are a growing concern for the healthcare industry, which has faced many attacks. Since 2009, close to 21 million Americans have had their electronic medical records stolen, and 37 hospitals and doctors' offices have been hacked. There is a great deal of sensitive information made available to healthcare providers which, if in the wrong hands, could be potentially disastrous.

Although training is advised as the first line of defense, other steps suggested by KnowBe4 include an e-mail exposure check and a phishing security test.

Edited by Brooke Neuman