The healthcare industry consistently tops the list of high-risk targets when it comes to cyberattacks. In fact, many cybersecurity experts believe the healthcare industry is the biggest target for cybercriminals today. Hospitals, urgent care providers, pharmaceutical companies, and all other major healthcare organizations are considered prime targets for cybercriminals due to their wealth of patient information.
Medical records draw a far higher price than credit cards on the dark web. These records – usually containing an individual’s name, birthdate, SSN, and medical information – can sell for as much as $60 per record, whereas social security numbers are a mere $15. In addition, the number of medical devices susceptible to attack is increasing and will continue to increase as the implementation of the 5G network strengthens and enhances our internet connectivity. An attack on a medical device, such as a pacemaker, threatens patient safety but also provides potential access to the larger network. Cybercriminals can leverage the threat to patient safety as a way to justify higher demands in ransomware attacks.
COMMON TYPES OF CYBER ATTACKS IN THE HEALTHCARE SECTOR:
- Ransomware Attack
- Medical Device Attacks – IoT Attacks
- Trojan Malware
- Denial of Service Attack
- Mobile Device Exploit
TOP CYBER RISKS FOR THE HEALTHCARE SECTOR:
- Patient Safety
- Bodily Injury/Property Damage
- Theft of Personal Healthcare Information
- Business Interruption Loss
- Reputational Harm
- Financial Risk – Civil Liability
- Regulatory Risk
- Contingent Business Interruption Loss due to a Third-Party Vendor Disruption
Healthcare companies face significant reputational, financial, and regulatory exposures due to cyber incidents. Medical device security, supply chain risk, and overall patient safety are top priorities for healthcare organizations today.
EPIC’s team of dedicated healthcare and cybersecurity experts will help you develop a unique comprehensive risk strategy that addresses these evolving threats.
Kelly S. Geary
Managing Principal, National Cyber Practice Leader