Return to blog
August 16, 2024 | By christa
Share
Share

What’s Causing the Wave of Healthcare Cyberattacks? 

Healthcare institutions are hypervigilant when protecting their digital data—at least, they should be. Patients trust their providers to keep their information confidential. This includes both their personal information and their medical records. 

The Rising Threat of Healthcare Cyberattacks

Several industries fall under the healthcare umbrella: pharmaceuticals, hospitals, insurance, and diagnostics are just a few examples. Within these are unique technologies, ranging from patient portal applications to gigantic MRI machines. In many cases, these industries’ technologies are interconnected through a wireless connection.  

Though these systems are needed to keep up with the ever-evolving advancements in modern medicine, they are also particularly vulnerable to falling victim to a cyberattack. Cybercriminals have multiple angles of attack to gain unauthorized access to any healthcare institution’s private data, whether it be through wireless tethering or a unique software system.  

Patients, healthcare workers, healthcare investors—really, anyone who has seen a doctor—all depend on healthcare institutions to keep their private data safe. So why is it, that we are seeing a surge in healthcare organizations falling victim to cyberattacks

The Recent Ransomware Attack on Change Healthcare

Headlining the news recently is the ransomware attack initiated against Change Healthcare, a technology provider specializing in payment management and health information exchange systems. It is owned by UnitedHealth, a health insurance provider. Change made the controversial decision to pay the ransomware gang attacking them the $22 million in Bitcoin demanded, setting a dangerous precedent. 

Cybercriminals are now under the impression that, if they cause enough damage, they can get large sums of money from the healthcare institutions they attack. Healthcare organizations allocate an average of 7% of their budgets to cybersecurity—with this wave of cyberattacks, it’s time for that number to go up.  

Because Change manages the billing of insurance claims, healthcare industries throughout the country (most notably hospitals and pharmacies) were unable to receive the funds necessary to cover provided services. This prevented them from adequately managing their practices, as they lacked the resources needed to pay their workers and keep everyday functions running normally. As a result, many patients lost access to life-saving care.  

The Role of Legacy Systems in Cyber Vulnerabilities

Cyberattacks initiated against health institutions are deadly. It is even more frustrating, then, that the breach in Change Healthcare’s system was the direct result of the company not implementing two-factor-authentication within their internal systems.  

Perhaps one of the easiest and most effective cybersecurity measures someone can take, two-factor authentication (2FA) security systems require a minimum of two distinct forms of identification to access an account. This typically looks like a password paired with something else—usually a code sent to the phone number associated with the account. 

Not implementing easy security measures such as 2FA is typically the result of a company using legacy systems, which is a fancy way of saying outdated software. These systems often cannot support modern IT solutions, and if they can, then the cost and inconvenience of implementing them are exorbitant. The reason a company may use a legacy system is because of the frustrating process of migrating their software over to a newer server. This issue is a double-edged sword, as the longer you wait to update a system, the more difficult it will be to migrate. 

Healthcare institutions are often guilty of using legacy systems, though it sometimes is not by choice. As mentioned before, healthcare technologies are diverse and constantly evolving. Upgrading to the latest and greatest system is not always financially possible. Mismanaged resources also may prevent healthcare institutions from implementing the necessary upgrades they need. 

The Need for Urgent Cybersecurity Upgrades

While UnitedHealth claimed to be in the process of updating Change’s outdated legacy systems, it is obvious that the process needed to occur quicker than it did. When healthcare industries lag on their cybersecurity measures, lives are put at risk, putting both patient health and institutional credibility on the line.  

LeadingIT is a cyber-resilienttechnology and cybersecurity support provider. With our concierge support model, we provide customized solutions to meet the unique needs of nonprofits, schools, manufacturers, accounting firms, government agencies, and law offices with 20-200 employees in theChicagoland area. Our team of experts solves the unsolvable while helping our clients leverage technology to achieve their business goals, ensuring the highest level of security and reliability. 

Do you need cybersecurity support to protect your business? Leave a message for us and we will get back to you right away.

Name(Required)

RELATED

Let Us Be Your Guide In Cybersecurity Protections
And IT Support With Our All-Inclusive Model.

Meet with us