Cybercriminals impacted upwards of 75,000 Florida patient records this year alone as hospitals have been stretched thin by the pandemic.
According to the U.S. Department of Health and Human Services’ Office for Civil Rights, this sensitive health care data remains under investigation. The FBI, along with international law enforcement organizations such as Interpol, have issued high alerts that hospitals around the world are under attack.
“As hospitals and medical organizations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” Interpol Secretary General Jürgen Stock reportedly stated. “Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, but it could also directly lead to deaths.”
Eric Weast, with Fort Lauderdale IT services company, ECW, shares insights into the cybersecurity threats facing the South Florida medical community.
Hackers are well aware that medical records are vital, and robbing them from Florida’s hospital network can turn a hefty profit. Given the coronavirus has created a surge in hospitalizations and workforce disruptions, digital thieves have engaged in tireless efforts to penetrate medical industry systems.
Hackers Deploy Wide Range of Cyber Attacks
Strategies used to slow the spread of COVID-19 has played right into the hands of digital burglars. Like many other sectors, Florida’s hospital system leveraged remote capabilities to allow essential personnel to work from home whenever possible.
Although efforts were made to install secure defenses, new remote workers tend to be exceedingly vulnerable to hacker schemes. Cybercriminals dove deep into their electronic fraud kits and rolled out the following cheat schemes.
- Phishing: Hackers send out thousands of emails with enticements to get health care professionals to download a file or click on a malicious link. This tends to be the most popular trick.
- Spear Phishing: This scam involves sending malicious emails that appear to come from a trusted source. They are akin to a confidence scam.
- Password Spraying: Hackers settle in for a methodical breach effort by trying commonly used passwords against health care worker login profiles.
- Ransomware: Nefarious online criminals put a high-priority on ransomware leverage. They are keenly aware that sensitive records can mean life or death. Hospitals, among other sectors, are inclined to pay exorbitant ransoms in bitcoin to regain access to patient files.
“(Cyber thieves) know the documents are so sensitive to organizations, that they’re pretty sure they’re going to pay for them,” Miami Dade College’s Cybersecurity Center of the Americas educator Franklin Mesa reportedly said. “So, they may not have access to the information, but they could hold it hostage and say: ‘Pay me to get this back.’”
Ransomware attacks can be carried out by a wide-range of hacking schemes, including those mentioned above. Medical records are typically encrypted, while legitimate users are locked out. Law enforcement agencies such as the FBI urge organizations not to pay ransoms.
How Can Hospital Professionals Prevent Data Breaches?
It’s critical for hospitals to take stock in the fact they house a veritable treasure trove of sensitive patient and digital financial assets. These can be quickly sold on the dark web, used to create false identities, or simply held hostage.
That being said, decision-makers would be wise to increase managed IT cybersecurity bandwidth in the following ways.
- Ongoing Cybersecurity Awareness Training
- Provide Workers with Real-Time Information About Emerging Threats
- Use Virtual Private Networks for Remote Workforces
- Develop a Cloud-Based Disaster Recovery Strategy
- Implement Two-Factor Authentication Security
While the pandemic put a strain on Florida hospitals that hackers continue to exploit, cybersecurity infrastructure investment and heightened vigilance can prove effective against the most innovative criminal. It may be in a hospital administrator’s best interest to have a thorough cybersecurity review conducted by an impartial third-party expert.