The healthcare industry has always been a primary target for cybersecurity threats but in recent years, the threat level has escalated as more and more valuable data about patients is stored online. Moreover, the industry has recently become a favorite target for cyber espionage as organizations look for an edge in the highly competitive fields of medical and pharmaceutical research. And as we continue to see growth with biomedical devices for critical healthcare functions, there are even more security concerns for healthcare IT leaders.
This trend towards more cyber attacks and espionage in the field was confirmed by FireEye in a new report — Beyond Compliance: Cyber Threats and Healthcare. One other conclusion highlighted by the report is, that despite being a known target for cyber attacks, the healthcare industry is lagging other sectors in taking appropriately robust security measures.
Here are some key takeaways from the study for healthcare information security leaders:
Cybercrime Threats to Healthcare Organizations
Financial gain is the most common reason for cyber attacks. With the ability to access documents with complete personally identifiable information (PII) cyber criminals are able to maximize the return on their criminal activity. Equally, with healthcare information being time sensitive and critical to care, healthcare organizations are prime targets for ransomware.
Cyber Espionage a Rising Trend for Healthcare Organizations
Cyber espionage, the act of stealing classified, sensitive data or intellectual property to gain a competitive advantage, can be catastrophic when it disrupts healthcare operations. In recent years, FireEye’s researchers found there has been a huge increase in the theft of cancer research data by Chinese espionage groups, likely stemming from a rising mortality rate among cancer patients in China. Additionally, the “Made in China 2025” plan includes a push for increased development of medical technologies and devices, which may also be another driver of these threats.
What to Watch for Next: Hacktivism/ Information Operations
At present, hacktivism and information operations are a much less common threat to healthcare organizations. However, FireEye’s researchers confirmed in the report that hacktivst campaigns and other information operations should be on the radar for healthcare organizations. As the global political situation becomes more volatile, there is a growing interest from nation states who want to disrupt or destroy healthcare capabilities in a given region where there are heightened tensions or national interests at stake. This type of information warfare could also be applied to attacks on biomedical devices, such as pacemakers and insulin pumps.
Because healthcare organizations maintain such a wealth of valuable data and access to critical systems, the downstream impacts of a data breach or cyber attack have extremely serious consequences. For these reasons, it’s essential that healthcare leaders are primed with information, resources, and partners to not only address today’s threats, but those that are building on the horizon.
Download the full report – Beyond Compliance: Cyber Threats and Healthcare.