Increased reliance on technology in the healthcare industry carries increased risk of cyber attacks. One of the most common methods of gaining unauthorized access to a computer network is through phishing emails, baiting employees to divulge critical information or click on a link that will enable hackers to upload malware. A recent study suggests that approximately 5% of all emails received by healthcare employees are phishing. This presents a significant hazard, highlighting the critical need for healthcare cybersecurity.
What is Phishing?
Phishing is a form of cyber attack in which employees receive an email, text, or phone call from an impostor posing as a legitimate professional or business. The intent of this is to lure the employee into revealing sensitive information, including passwords, bank accounts, credit card numbers, or other personally identifiable information.
The specific type of attack in which cybercriminals target healthcare industry information by means of individualized messages is known as spear phishing. This is delivered the same way as phishing, except that it is targeted to specific individuals or organizations. Spear phishing messages are usually convincingly written and hard to detect. The rise of remote working in the healthcare sector has led to a sharp increase in phishing and spear phishing attempts.
While cyber criminals historically targeted high-level executives in a company with phishing emails, they have now shifted their tactics to focus on “low-hanging fruit.” Lower-level employees who may not be well-versed in cyber security are receiving most of the recent phishing attempts in a variety of forms.
Why is the Healthcare Industry a Target?
Over 93% of medical-related organizations became victims of a data breach in the last three years. While every business that uses a computer is a potential victim of cyber crime, there are a number reasons why healthcare is so frequently targeted.
- Reliance on technology: Healthcare organizations increasingly rely on internet-connected equipment in patient care, which is beneficial for clinical support but leaves the organization vulnerable to cyber attacks.
- Value of private information: Hospitals are storehouses of huge amounts of confidential patient data, which is potentially worth a lot to hackers who can sell it.
- Outdated technology: Historically, limited budgets and a hesitancy to learn new systems means the healthcare industry is slow to upgrade its technology.
- Lack of healthcare cybersecurity: Budget constraints and size of integrated systems in healthcare institutions result in lack of cybersecurity systems.
- Lack of training: Budget, resources, and time constraints mean most medical professionals don’t routinely receive training on cyber threats.
Unfortunately, computer crime does not show signs of slowing or ceasing in the near future. Phishing attacks are becoming more sophisticated and the frequency is increasing. As the healthcare industry continues to expand its use of technology, the investment in cybersecurity must expand as well.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. With three offices to serve you in Chicago, Illinois; Phoenix, Arizona; and Burlington, Connecticut, we do everything we can to make your experience with us as professional and transparent as possible. To learn more, contact us at (877) 890-9301.
