Yearly Price Tag for Healthcare Hacks into the Billions

Posted on March 23, 2018 by Admin

As the healthcare data continues growing in popularity with cyber hackers, so grows their cost of doing business. The healthcare industry finds that endpoint attacks are surging and are largely responsible for the hefty $1.3 billion price tag. Endpoint attacks are becoming a favorite weapon of choice for hackers. These attacks don’t install malicious software programs on a device, but rather infiltrate programs already on a device. That makes it very easy to miss using traditional antivirus tools. They also leave a zero footprint or signature on a device, making it impossible to trace who’s responsible for the attack.

The popularity of endpoint and other zero footprint attacks targeted to healthcare is booming. The Ponemon Institute’s reportThe State of Endpoint Security Risk Report finds that a whopping 77% of attacks in 2017 were fileless; meaning they leave no traceable files behind, making it nearly impossible to figure out who did it. And they are increasingly successful. It presents a very challenging and expensive task for the healthcare industry to prevent. According to the 2017 Cost of Data Breach Report conducted by the Ponemon Institute, healthcare data breaches had the highest cost per file of all industries, averaging $380 for each stolen record. The report also states that $141 per record is the average global cost for most industries.

Endpoint attacks are directed to a corporate network using remote devices used by employees, like laptops and mobile devices. Every device being used with a remote connection to a network creates a potential entry point. It spreads malware through programs already on a device and leaves no digital footprint to track. It brings into view several security shortcomings for healthcare systems: Updating cyber safety training for employees, immediate security patching by IT for endpoint attacks, and an overall effort by the healthcare industry to combat this latest cyber security threat.

Always make sure to have a mobile device policy in place for anyone connecting to the corporate network. This includes remote workers, consultants, and any vendors that have access to any program or files on your network. In addition, implementing perimeter security tools just isn’t enough anymore. All it takes is for one person to click a malicious link or attachment in an email message to cause significant damage to the network. That’s why it’s increasingly necessary to provide ongoing awareness training on current threats and mitigation techniques to everyone in the organization. Malware evolves. The payloads change. Phishing gets better and better and is nearly impossible to detect sometimes. Constant reminders of these risks are key. And while it may seem time-consuming to keep all the computers and devices updated with the latest patches, it really is important. Unpatched, unsupported, and outdated product vulnerabilities are how so many attacks succeed.

Posted in Cybersecurity, Social Engineering