As more of the world becomes networked, cyber-criminals get busier. A number of high-profile hacking attempts in the news lately have raised awareness of how serious some of these cyber-attacks can be. The implications are grave for some industries. According to a newly released study from Verizon, called the Verizon 2012 and 2011 Data Breach Investigations Reports (DBIR), the healthcare industry needs to take measures to prevent cyber-attacks.
One of the best ways to protect against cyber-attacks is to ensure that all employees who use the networks are aware of the potential for attack and educated enough to take steps to prevent it. Stu Sjouwerman, CEO and founder of KnowBe4, a security awareness training firm, recently responded to the healthcare industry findings, encouraging companies to take precautions by implementing employee training designed to prevent cybercrime.
Verizon's fifth DBIR was based on 855 data breaches involving over 174 million compromised records. Within the healthcare industry, the results revealed some interesting data:
- Out of businesses with up to 100 employees, outpatient care facilities faced the most attacks
- Most attacks were financially motivated—focused on point-of-sale (POS) systems to gain personal and payment data
- Attacks generally involved hacking or malware
KnowBe4 offers a case study that shows untrained employees can cost a company thousands of dollars.
MedLink, a year-round primary care organization with a central administrative office and clinic sites throughout northeast Georgia, fell victim to a cyberattack in 2010. Cybercriminals hacked the accounts of this healthcare provider by obtaining the login and password information for MedLink’s online bank account, resulting in a cyberheist of well over $40,000.
There is a distinctive pattern to how these cybercrimes occur. A targeted e-mail, which appears to be harmless, is typically sent to the company's accountant or controller. The message contains either a virus-laden attachment or a link that, when opened, installs malicious software designed to steal passwords. Armed with those credentials, cybercriminals then hack into the online banking accounts and initiate a series of wire transfers.
MedLink isn’t alone. Records show that 37 hospitals and doctors' offices nationwide have been hacked since 2009, and these attacks resulted in the theft or damage of patients' medical records. In fact, nearly 21 million Americans have had their electronic medical records stolen or lost since 2009.
“For most industries, healthcare included, their greatest susceptibility is well-meaning employees who just haven’t been trained to recognize and avoid phony e-mails,” commented Sjouwerman. “It’s critical for employees who have access to patient records to realize that cybercriminals are targeting that exact information.”
KnowBe4 offers a no-charge phishing security test and an e-mail exposure check (EEC) that reveals publicly available company e-mail addresses that cybercriminals can use to target staff.
Edited by Brooke Neuman