The Department of Health and Human Services recently reported a significant rise in healthcare cyberattacks due to the COVID-19 pandemic. Between February and May of this year, there were more than 130 reported data breaches representing nearly a 50-percent increase in reported breaches during the same period last year.
These staggering numbers point to the healthcare industry, and hospitals in particular, being the number-one target of risks like ransomware attacks and other cybercrimes. Later this year, these attacks are expected to quadruple globally, bringing to light the urgent need for more cybersecurity measures to be in place.
Notable Healthcare Cyberattacks of the 2000s
One way to limit risk is to be educated about not only the potential risks but also the past mistakes. We run down some of the most impactful healthcare cyber-attacks in recent years, highlighting glaring gaps in coverage, and helping us understand how to move forward as safely as possible.
Boston Children’s Hospital
In 2014, hackers launched a DDoS attack against Boston Children’s Hospital. Also known as a Distributed Denial of Service, this kind of attack shut down the donations page and was estimated to have lost more than $300,000 on repairs to its computer system.
Back in 2017, this large-scale attack targeted the United Kingdom’s National Health Service (NHS). By exploiting the system’s Windows system vulnerabilities, the hackers managed to infect at least 16 health centers and more than 200,000 computers. This led to the cancellation of nearly 20,000 medical appointments and took control of more than 1,200 pieces of diagnostic medical equipment.
Phishing Attack Against Montpellier Medical
Phishing is the most common type of cyber-attack issues plaguing networks across the globe. At Montpellier Medical Center in France, an employee opened an email in the spring of 2019, opening the medical center up to a virus that went on to infect more than 600 computers.
Cyber-attacks and related vulnerabilities might not always be the result of full-scale hacking. In fact, some attacks occur due to negligence and user errors, like with Blue Cross in the U.S. In April 2018, an employee of the health insurer accidentally posted a file that contained the personal and medical information of almost 17,000 patients. Taking nearly two months to discover this mistake, Blue Cross ended up taking a hit in its reputation and customer trust.
These incidents are all reminders of the importance of educating employees on good practices within cybersecurity. While not every mistake can be avoided and every attack be prevented, it’s important to be educated on the potential harm that one small crack in a system can create.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (678) 359-6365.