The healthcare industry has seen a significant increase in cyber attacks over the past few years, owing to weak security infrastructure with unsecured medical devices and systems, lack of awareness about imminent cyber threats, inadequate investment in effective cyber security measures, and the heightened vulnerability associated with the high-value assets owned by healthcare organizations. The pharmaceutical, biotech, and medical device sectors rely heavily on intellectual property such as patents and trademarks to generate a continuous revenue stream and substantial profits from the commercial value of such assets. Hospitals and health insurance organizations deal with assets such as electronic health records, clinical trial data, Medicaid records, and other sensitive patient information.
Cyber attackers usually target assets such as bank account numbers and credit card details, which can be sold at USD 1 to 2 per record. Healthcare records, however, are sold on the black market for a much higher price of nearly USD 40 to 50 per record. Moreover, this data is relatively easy to retrieve, given the weak security measures for intricately networked systems, low awareness of cyber attacks, and the constantly changing nature and source of the attacks.
The most frequently reported cyber crimes in healthcare include medical identity fraud, loss of electronic patient health records (E-PHI), social security records, and incidents of patent infringement. Moreover, for cybercrimes involving theft of intellectual property such as patents and business secrets, the potential damage cannot be estimated.
The most frequent types of cyber threats reported in this sector include API attacks, DDoS attacks, malware, spyware, SQL injections, and work practices such as BYOD (bring your own device). The threat from internal stakeholders is significantly high due to lack of compliance with the HIPAA Act and employee negligence. Attackers target personal devices using emails and phishing, or by stealing devices that store data in unencrypted format.
Some of the high-profile cyber crimes in the healthcare sector in the recent past include the attacks on Boston Scientific, Medtronic, and St. Jude Medical; the most recent attack, in 2015, involved Anthem and resulted in a loss of over 80 million customer records. U.S.-based organizations are experiencing a constant increase in these attacks. Therefore, considering the potential financial loss to the nation and the resulting devastating effects of such attacks, including compromised patient confidentiality and integrity, the FBI has issued a private industry notification (PIN) to the healthcare sector, highlighting the severe ramifications of not being prepared to combat this new-age warfare.
Furthermore, considering the seriousness of the issue, industry players and government agencies across different countries are expected to proactively strengthen security measures to prevent hacking of patient medical information and other cybercrimes.