A national survey has found more than 80 percent of medical practices have been the victims of cyberattacks, USA Today reported.
More than half of the hospital and medical facilities reported patient safety concerns from the data breaches, and 20 percent said that their business had been interrupted for more than five hours, the survey said, according to USA Today.
“That can be the difference between life and death,” Wendi Whitmore, vice president of IBM X-Force, a New York-based commercial security research team, told the newspaper.
IBM reported there was a 6,000 percent increase in spam attacks on IT systems from March through April as the pandemic unfolded, many of them at healthcare facilities.
For example, the amount of attempted hacking doubled in March at Seattle Children's Hospital. The attacks came in the form of phishing emails, seeking a staffer who would click on a malicious link and allow malware into the health system's network, Gary Gooden, chief information security officer at the Washington-based health system, told the newspaper.
In 2014, the FBI reported a stolen credit card or a Social Security number was worth just $1 on the black market, while an electronic health record would fetch up to $1,000 if it belonged to a well-known person, USA Today reported.
Once in a cybercriminal’s hands, health records can be used to file fraudulent insurance claims and obtain prescription drugs, the FBI said, according to USA Today.
The answer, Gooden told USA Today, is for hospitals and medical facilities to stay ahead of the curve in terms of technology and practices.
“It’s about installing a series of tripwires that allow organizations to detect when there are attacks against their environment,” Whitmore told the paper. “That buys us time.”
Earlier this year, a hacking group tried to breach the World Health Organization (WHO). The hack was discovered by Alexander Urbelis, a cybersecurity expert and lawyer who looks for suspicious internet activity. He discovered the activity when hackers introduced a fake, malicious site that pretended to be the WHO’s email system.
“Criminals are disguising themselves as WHO to steal money or sensitive information,” the WHO said in a statement. “If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.”
The attack hit the publicly traded company, which works with 75 percent of the 200 largest U.S. hospital chains.