Why the Healthcare Sector is a Top Target for Hackers
There are several reasons why medical companies so often find themselves on the wrong end of a list of demands. In this section, I’ll take you through the biggest factors.
1. Patient data is highly valuable
The main thing that makes healthcare facilities so appealing to cybercriminals is that patient data is worth a lot of money. According to Cyber Magazine, this kind of data is worth up to nine times more than banking information, often selling for hundreds or thousands of dollars on the dark web.
Whereas credit cards can be canceled or blocked, medical records and Social Security numbers have a long shelf life, meaning that they can be stored and repeatedly abused. Some data is even permanent, such as past diagnoses, and can be exploited as part of long-term fraud schemes.
2. High-tech medical devices pose risks
Innovation in medical technology is largely a blessing, but it does open the door to exploitation at the hands of hackers. While different monitors and health diagnostics tools are expert at detecting medical problems and evaluating health, they’re not necessarily built to deter cyberattacks.
Hospitals and other facilities don’t store patient data on the tools themselves, but cybercriminals can gain control of them with little resistance and leverage them as part of wider fraud strategies. Whereas computers and networks usually have security infrastructure in place, medical-specific devices seldom do.
3. Staff require minimal disruption to their day-to-day
Healthcare professionals are probably the busiest and most important workers in the country, with intensely stressful jobs that require everything to be working smoothly. That means new cybersecurity infrastructure, and corresponding best practices, are relegated to low priority.
Because of this, the defenses looking after medical facilities are often old, outdated, and fallible to new, evolving threats. Furthermore, medical staff themselves don’t necessarily have the time or the training to full understand the latest threats. This creates a perfect storm for attackers.
4. Staff often access data remotely
Healthcare companies, particularly large-scale ones like hospitals, depend upon remote collaboration. This is because staff members aren’t necessarily stationed in one location — you’ll find doctors navigating different rooms, hallways, and floors as they treat different patients.
This requires the ability to access patient data remotely, which opens up new avenues for attack by hackers. And once they’ve gained access to one system, cybercriminals can bring down a whole network.
5. Budgetary constraints
Smaller medical facilities will have limited budgets, the majority of which is used to pay its staff and invest in the latest medical technology. This leaves little room for investing in cybersecurity infrastructure.
This is a big part of the reason why so many healthcare companies have been hacked: smaller companies are viewed as an easy target for hackers.
6. Security due diligence isn’t a top priority
When it comes to healthcare, it’s often literally a matter of life and death. Sometimes, a doctor needs fast access to patient data, and due diligence goes out the window. Think about it — if a patient’s condition is rapidly deteriorating and you’re awaiting the results of their latest scan, you want that information as speedily as possible. You haven’t got time to pause and assess the potential cyber threat level.
Cybercriminals know this, and it’s one of the reasons that healthcare companies are so disproportionately targeted.
