Nowadays, security concerns are increasing exponentially in the health care as cyber-attackers are viewing hospitals as their most financially lucrative targets.
In 2020 alone, statistics indicate 25% increase in breaches and this number is projected to grow as the number of data entry points to a patient's medical records continues to grow. Every automation opportunity increases the security risk.
Today’s healthcare executives worry about the security of EMR and EHR systems in their organizations. These worries are a result of the increasing cyber-attacks on medical institutions across the United States.
Over the past years, there has been evidence of cyber-attacks on the US health systems, and this has attracted the attention of the federal agencies. Hackers have been able to pull large amounts of personal data from outdated medical record systems which lack necessary security features, and this has been one of the primary reasons for cyber-criminals to target healthcare facilities.
Let's look at some of the most visible cyber-attacks on hospitals in the US.
Stolen financial data
Stolen financial data is the first category of the most visible cyber-attacks on hospitals in the US. The first serious case was discovered in 2015 when hackers accessed 80 million customers and employees personal information and stole tens of millions of records. This has been registered as the one of the largest data breaches of healthcare information discovered in history.
Cyber-attackers targeting personal data with the aim of participating in insurance fraud are the second category of visible cyber-attacks on US hospitals. Most attackers use personal data like billing information, policy numbers, diagnosis codes, and birth dates to file fake medical claims to insurance companies.
This personal information is all that the insurers require for reimbursement, and at this case; it's usually done for services never provided. The personal information acquired can also be used to make fake IDs which can be used to buy illegal drugs for personal use or medical equipment.
Social engineering has become one of the common ways of deploying malware to infect systems. Companies that publicly display their employees' contact information are the frequent targets.
Hackers then sent individual employees phishing emails with links or attachments that seem to be safe in nature. Once the employee opens the link or attachment, it immediately infects the user's computer and then spreads throughout the entire health system.
When ransomware attack happens, a hacker penetrates the hospital's network and access data. This data is then copied over and encrypted.
Once the encryption is complete, the hacker deletes the original data, and the hospital won't be able to access the encrypted data until a ransom is paid. Hospitals are usually not able to access the EHR while the application is locked down.
This results in the overall delay in patient care as any communication must be done through telephone calls or faxes.