The healthcare industry is a hotbed for cybercrime. Each year, cyberattacks against healthcare organizations cost the industry more than $6 billion and impact millions of patients and staff members.
Unfortunately, the majority of healthcare organizations are failing to understand the severity of the situation.
According to a recent study, 52 percent of non-acute providers like rehabilitation facilities, clinics and doctors’ offices, as well as 32 percent of hospitals, still do not encrypt—or encode—data before transmitting it.
Why is this a problem?
Encryption renders data unreadable to anyone without a security key. Encrypted data is basically useless to a hacker. This is very important, because sensitive data—particularly private health information— commands top dollar on the black market.
Encryption is an essential cybersecurity technique that every business should be doing today. So it’s very surprising to learn that encryption is not common practice among healthcare organizations.
It gets worse, though.
Just 61 percent of acute care providers and 41 percent of non-acute providers have a patch and vulnerability management system in place. In other words, many networks are rife with security issues, yet these problems are not getting discovered and resolved in a timely manner. Hackers often discover vulnerabilities long before IT managers, which gives them plenty of time to spread mlware and steal information. Many organizations are already infected, yet they do not know it.
Malware, it should be noted, is also becoming increasingly sophisticated. Hackers are now using tools like ransomware to extort organizations into paying large sums of money. One recent study found that Locky ransomware, which encrypts private files, is being heavily aimed at hospitals. Researchers at FireEye discovered a massive spike in Locky attacks against hospitals in early August. So hospitals should be on full alert for Locky. End users should be notified not to open suspicious email attachments, and to watch what they click online.
The fact of the matter is that the healthcare industry needs to wake up to cybercrime. Executives can no longer carry on thinking that cybercrime is a problem for IT managers alone. IT managers need resources like money and manpower to keep their networks safe.
Healthcare companies are well-advised to seek help from third party managed service providers (MSP) like Apex Technology Services. Outsourcing cybersecurity operations to an MSP is a secure and cost-effective way to obtain the necessary technologies and guidance for avoiding cybersecurity issues.
Partnering with Apex Technology Services will guarantee around-the-clock network assistance, as well as access to infrastructure that is up to date with the latest security protections.
Remember: A tight budget is no excuse for failing to protect your network! Contact Apex Technology Services today.
A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.