Malware in the media – why healthcare systems are under attack
Also this summer incidents were reported in general news media involving cyber- and ransomware-attacks on healthcare organizations. Cyber-attacks on healthcare organizations are not uncommon. According to CSO-online “the healthcare experiences twice the number of cyber-attacks as other Industries”. We therefore ask why healthcare systems are under attack so often?
Why is healthcare the favourite victim of cyber criminals?
In the America’s, Europe, Russia and Australia some form of universal healthcare is regulated by law. With the medicine and medical equipment industry it is one of fastest growing industries in the world. As an example, in 2017 healthcare spending accounted for 17.9 percent of the Gross Domestic Product of the United States of America.
The high number of reported data breaches can be explained by the fact that big business always attracts the interest of criminals. Ironically the increasing governmental legislation on data protection and privacy and the associated fines and penalties, make these organizations (and their IT-suppliers) a suitable candidate for blackmail. This explains why the healthcare industry is so often targeted by ransomware.
The low awareness and security budgets are the third reason why healthcare is so often attacked by cyber criminals. Due to the high cost of healthcare many governments have deregulated or decentralized healthcare systems to cut costs and governmental spending. These cost reductions and organizational changes often have a negative impact on security, making them an easy target for cyber criminals.
Why has your healthcare data so much value on the black(hat) market?
When you search this question on the internet, you will find a lot of articles explaining why. Before briefly explaining what cyber criminals can do with your healthcare date, the number one reason why health data has more value than financial data on the black market is the fact that it is hard, nearly impossible, to change this data.
You can easily block a credit card, you have to go through some hoops and loops to change your bank account number, but it is impossible to change your social security number or citizen service number. While this personal-ID is privacy protected, many companies ask you to disclose this information when using their services. Obviously because they can track you so easily in case of non-payment or fraud.
This ease of identification is the prime reason why hackers use it for ID-theft. Just have a look at the list of interesting things a hacker can do with your social security or citizen’s service number:
- Governmental communication
In most countries your social security or citizen’s service number is needed to communicate with governmental organizations. Combined with other identifying information as your birth-date it can be used to redirect tax-refunds
- Financial services
Most financial services require this uniquely identifying number to apply for a load or credit card. Problem with this kind of ID-theft is that the victim knows when the criminal starts to miss return payments. Even when you succeed in proving iD-theft, it will take some time before your negative credit score is removed.
- Misuse of medical services
Obviously this number can be used to obtain medicine or medical services at your costs. This misuse will backfire on you when the costs are not covered by your medical insurance, or you medical insurance increases the monthly premium you have to pay.
- Misuse of utility services
Even utilities and telecom services often ask you to provide them your social security or citizen’s service number. When something is required to get something on credit, it will be used by cyber criminals to obtain these goods or services for free at your expense.
- Cover for criminal activities
This unique number is also required to obtain other identifying documents like driver license and passport. Although in movies it always seems relatively easy to obtain a full fake ID, in practice most of these documents are protected with biometric data. When a criminal uses your social security number to cover criminal activities you have hit the jackpot in terms of bad luck.
The prime responsibility for safe guarding your data is at the companies who keep this data. By being aware of what you disclose as an individual on the internet and on social networks, you can help to reduce the risk of ID-theft. Have a look at our Wiki-pages for helpful security tips.