As we discussed in an earlier blog post, medical data breaches are a serious threat to your privacy. Now that you have a better understanding of what a medical breach is, and how it might be committed, we’re going to look at several trends that can seriously impact the security of your medical data.
Ransomware is on the rise
At press time, half of the data breaches reported in 2021 utilized ransomware. The three biggest data breaches in October, which involved at least 2.5 million patient records, were all due to ransomware. This lines up with what we observed in 2020, when at least 34% of all medical facilities faced a ransomware attack.
Ransomware is a popular option amongst thieves because the current state of our healthcare infrastructure—paired with the lack of security training many healthcare professionals receive—can make it easy to infect a network. Ransomware can be installed if an employee clicks the wrong link in an email, for example, and can move swiftly through a network.
Once thieves have access to the data, they can effectively hold it hostage by downloading it and threatening to sell it. They may also encrypt the files held on a network’s server system, effectively rendering the files inoperable until demands (usually a ransom) are met.
What facilities are being targeted?
A third of healthcare providers experienced documented ransomware attacks in 2020, but there doesn’t seem to be a particular type of facility that thieves are targeting over others. Hospitals figure prominently in many attacks, typically because they have a large number of patient files that thieves can obtain in one fell swoop.
But specialty clinics like dermatologists and ophthalmologists have also come under fire, along with “mom-and-pop” doctor’s offices and even health insurance companies.
What are the consequences of cyberattacks?
A cyberattack leading to a medical breach can instantly compromise hundreds or thousands of patient files—but that’s just the start. When healthcare facility networks are destabilized, everything from basic check-ups to life-saving surgeries may be halted or at least delayed.
This stutter in service may go on for months as staff attempt to restore files, shift their record-keeping to pen and paper, or negotiate with the attackers.
Who is committing these attacks?
Cyberattacks are often committed by criminal gangs or nation-states—or possibly the former representing the latter. A prominent one that we know of is Ryuk, a Russian-based “ransomware gang” that struck at least 235 hospitals and several other healthcare facilities in 2020. They pocketed over $100 million in ransom money.
How do I know if my data has been compromised?
HIPAA requires healthcare providers to tell you if your data has been breached. Unfortunately, they have up to 60 days to let you know—and that’s if a breach has compromised more than 500 files. If it’s a smaller breach of fewer than 500 files, your healthcare provider may have up to a year to inform you.
You may notice strange things in your medical bills and Explanations of Benefits—treatments you didn’t receive, doctors you didn’t visit, and incorrect diagnoses. This is a strong indication that someone else is using your medical identity. If this happens, you should contact your health insurance company and the various facilities listed in the bill, as well as the HHS.
Clearing your records and repairing any damage done to your medical information will be a tall order. Why not get ahead of the criminals and keep your medical privacy secure, even in the event of a cyberattack? HealthLock’s powerful AI software monitors your medical transactions and flags those that look suspicious. If we discover you’re the victim of a data breach, we’ll alert you and can help protect you from any resulting damage.
Cyberattacks aren’t going away—help lock down your medical data with HealthLock.