Ransomware and Phishing Threats Grow for 2015
Be prepared. Experts say that ransomware and phishing cyberattacks are likely to escalate against healthcare in 2015. This means healthcare providers and insurers need to be on their guard when it comes to defending their clients’ protected health information (PHI).
Experian’s 2015 Data Breach Industry Forecast called healthcare “a vulnerable and attractive target for cybercriminals.” By August 2014, healthcare data breaches had already affected 30 million people. While predicting more data breaches, Experian’s report noted that many doctors’ offices, clinics and hospitals may not have adequate resources to safeguard patients’ personal health information.
Scott Koller, a lawyer at BakerHostetler, which focuses on data security, data breach response and compliance issues, told iHealthBeat that 2015 will see a spike in phishing and ransomware attacks.
Phishing attempts use deceit to persuade users to provide confidential information such as usernames and passwords or credit card numbers. “Phishing emails often provide the entry point,” Koller said, explaining that the attackers are getting craftier in disguising their phishing emails. “They are much more sophisticated in terms of crafting them and targeting them to users and making them more difficult to detect,” he explained.
Phishing emails can also serve as a vehicle for ransomware attacks, which encrypt the data on a computer’s hard drive, allowing the cybercriminals to hold the information hostage until payment is made to unlock it.
The Anthem hack, which recently made headlines, is one example of the dangers of cyberattacks for healthcare. And, as Health IT Outcomes reported, the Anthem data breach, which left the account information of as many as 80 million customers vulnerable, has many lawmakers pushing for new encryption standards for all health information. Anthem has also come under fire because the breached data was not encrypted.
Just six weeks after Anthem disclosed its breach, U.S. health insurance provider Premera Blue Cross announced one that may have affected 78.8 million records after hackers compromised a database.
Cybercriminals are also taking advantage of the Anthem hack by sending affected customers phishing emails that pose as official Anthem communications with updates regarding the breach, according to Komando.
InfoSec Institute predicts that 2015 will be hard on healthcare. “Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground. Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft.”
In particular, these types of attacks will increase in the United States and the United Kingdom where “criminal organizations are specializing in cyberattacks against infrastructures that manage Electronic Health Records (EHRs).”
And Carl Leonard of WebSense agreed, stating: “The healthcare industry is a prime target for cybercriminals. With millions of patient records now in digital form, healthcare’s biggest security challenge in 2015 will be keeping personally identifiable information from falling through security cracks and into the hands of hackers.”
“Encryption very much needs to be on everybody’s radar,” Koller asserted. A *September Forrester Research report found that only about half of healthcare organizations secure data using full-disk encryption or file-level encryption.
In the face of increasing threats, healthcare organizations are boosting their security efforts, with investment in encryption and mobile device security; two-factor authentication; security risk analysis; advanced email gateway software; and incident response management.
*Stolen And Lost Devices Are Putting Personal Healthcare Information At Risk, Forrester Research, Inc., September 4, 2014