Why are hackers targeting healthcare is a good question and the fact that the dark web is selling 655,000 medical records is a clear indication of why they are doing it, extremely profitable.
Hackers have reported that the current 655,000 medical records for sale are from three different organizations. The medical records include detailed information including Social Security numbers and personal addresses as well as Blue Cross Blue Shield Insurance records. The cybercriminal group offering these records is not trying to cash in at once, they prefer to send out small ransoms (ransomware) to the victims with a small ransom instead. Obviously the healthcare industry is very lucrative for cybercriminals since medical data can be used for fraud or identify theft.
Why are hackers targeting healthcare and what are the risks?
Medical data is more valuable than credit card fraud or online scams. Medical information may contain tons of information including patient medical history, medical prescriptions, and other personal information. As healthcare companies start to upgrade their IT infrastructure and introduce new technology, if the network is left vulnerable, cybercriminals can remotely connect and use it as gateways for attacking network security.
Secure your data from hackers targeting healthcare?
You must take a proactive approach in order to secure your date from cybercriminals. There are various studies and stats out there and the majority of healthcare companies have a high level of failing basic security practices.
In order to protect your data and business, you should consult with your IT department or IT consultant to ensure the following is address.
- Disable concurrent login to multiple devices.
- Enforcing strong authentication and encryption.
- Isolating mission critical devices and medical data storing servers.
- Create and implement corporate security policies.
- Implement Intrusion Detection Systems and access control lists.
- Perform regular Penetration testing (pen-testing) for identifying network and software issues.
- Invest in training staff to correctly identify security threats to your organization.