The healthcare industry is the sector most targeted by ransomware, with attacks on hospitals, pharmacies and health insurance providers having increased by 125% in the past five years.
This was revealed by Panda Security, in a white paper, entitled 'The Cyber-Pandemic'.
According to the company, cyber crime threatening the healthcare sector also has a direct impact on the economy. "Ransomware is a prevalent threat for all organisations and the healthcare sector is no exception. In 2016 alone we have seen a number of hospitals targeted by malware, causing huge financial loss and putting patients at risk."
Ransomware
Panda Security says data handled in healthcare organisations is highly confidential, containing vast amounts of personal data. Should this information fall into the hands of cyber criminals, it can be used to socially engineer individuals to carry out targeted attacks. "For cyber criminals this is a lucrative business as this kind of data will fetch a high price on the black market."
Advances in technology have seen health records digitised, making them easier to manage and record. However this has also made them vulnerable to theft. "Without proper procedures and protection in place it is easier for cyber criminals to access the data."
The company cites the example of health insurance provider, Anthem, whose digitisation of health records without proper security led to the loss of 80 million client records. Those records included the social security numbers of clients, as well as other sensitive information.
Preventing attacks
Panda says although many businesses resort to paying the ransom in the end, it should be noted that paying the ransom in no way guarantees that stolen data or documents will be released. In fact many cases have seen the opposite.
PandaLab has the following recommendations on how you can avoid a cyber-pandemic:
Firstly, ensure that a cyber-security framework that incorporates advanced protection with detection, containment and remediation features is in place.
Secondly, take control. "The common thread in these attacks is a lack of control. In order to take control of your network you need to employ a cyber-security solution that is capable of controlling all running processes across your network."
Next, the company advises to revise staff policies and control systems in order to adjust the privacy requirements in line with new technology.
Finally, run updates, to ensure operating systems and company devices are fully updated.
Share