UHS cyberattack: Why health care is a vulnerable target - Medical Economics

UHS cyberattack: Why health care is a vulnerable target - Medical Economics

UHS cyberattack: Why health care is a vulnerable target - Medical Economics

Posted: 30 Sep 2020 08:20 AM PDT

Expert details how health care organizations can improve their cybersecurity.

Universal Health Services, a major American healthcare provider with more than 400 facilities, has just been hit by what appears to be the largest medical cyberattack in US history. According to the official statement, the organization's network is currently offline due to an IT security issue. However, some inside sources claim the UHS is experiencing a ransomware attack. This means that the company's files got encrypted, and hackers are demanding a ransom in exchange for a decryption key.

"Having to work with the good old pen and paper is one thing, but when medical staff can't access important medical data like information about critical care patients, the situation becomes a matter of life and death. Just a week ago, the police in Germany launched an investigation after a woman died as a result of being transferred to another hospital following a ransomware attack.

So, why is healthcare such an appealing target for cybercriminals? What measures can healthcare providers take to protect patients' data?

What makes healthcare so attractive to hackers?

Healthcare institutions are a potential gold mine for cybercriminals, as they get to take hold of an overwhelming amount of the most sensitive data. Besides intimate medical data nobody wants to have exposed, hackers can get their hands on other private information, such as patients' home addresses, social security numbers, and banking information. If stolen, this data can end up in financial or identity theft scams.

Unlike in other sectors, for example, retail, the information stolen in attacks against healthcare cannot be changed upon the detection of the breach. You can always get a new credit card or change your leaked passwords, but your DNA is for life.

Healthcare organizations make for an ideal prey for hackers, as many use outdated security software and continue to underinvest in cybersecurity. The healthcare industry invests only 4% to 7% of revenue in digital security initiatives. In comparison, the financial sector spends 15% of its revenue on cybersecurity. This is keeping in mind that, to the private healthcare sector, leaks of personal data might mean huge fines and even criminal charges for HIPPA violations due to negligence.

All of the reasons above provide hackers with a good chance of having their ransom demands fulfilled. To avoid a bad reputation and even legal repercussions, healthcare institutions must make cybersecurity their top priority.

What practical measures can healthcare organizations take to protect themselves?

To prevent various failures of compliance, healthcare companies should implement the following:

  • Adopt zero-trust network access, meaning that every access request by a member of medical staff should be granted only after their identity has been appropriately verified.
  • Encrypt medical files to avoid data leaks in ransomware. Business encryption solutions like NordLocker make sure important information stored on corporate computers is always protected from prying eyes with strong encryption. The tool also offers an encrypted cloud for easy access and secured data storage.
  • Have up-to-date backups available to keep the chances of data loss as slim as possible. If an attack is successful, there will still be an unaffected older version of the files. Again, a cloud solution for companies is a great way to back up data.
  • Educate employees on cybersecurity. Since ransomware attacks usually start with a phishing email, awareness and education will help employees recognize phishing scams and avoid downloading malware or sharing sensitive information with impersonators.
  • Use a VPN for a safe internet connection. To avoid outside risks, employees need a secure connection, and here's where a VPN (Virtual Private Network) comes into play. It creates a secure encrypted tunnel between an employee's device and the internet or the company's server. A VPN protects the connection from third-party access, including hackers ready to breach the system.

Oliver Noble is a data encryption specialist at NordLocker. NordLocker is a tool that secures files stored on a computer or in the cloud with end-to-end encryption. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS. For more information: nordlocker.com.
-

Comments

Post a Comment

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

Image
Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
Read more

VPN browser extensions: Why you shouldn't use then - Tech Advisor

VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
Read more

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com

Image
Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com Posted: 11 Mar 2021 12:00 AM PST Cybercrime , Encryption & Key Management , Endpoint Security Investigators Report Recently 'Unlocking' 170,000 Users' 3 Million Daily Messages Mathew J. Schwartz ( euroinfosec ) • March 11, 2021     Source: Sky ECC website Police say they have disrupted Sky ECC, a global encrypted communications network allegedly used by numerous criminals to plan their operations. See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce Law enforcement authorities say Sky's cryptophone service, which includes both infrastructure and apps, is run from the United States and Canada, using infrastructure and private servers based in Europe as well as the service's own SIM cards. Sky ECC devices are available via vari
Read more