Hospitals and other institutions on the front lines of the fight against COVID-19, facing unprecedented physical dangers, are now contending with another elevated threat: cyberattacks. The inter-governmental law enforcement organization, INTERPOL, has issued a warning that organizations at the forefront of the global response to the COVID-19 outbreak are also becoming targets of ransomware attacks.
INTERPOL’s Cybercrime Threat Response team at its Cyber Fusion Centre has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response. Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid.
To support global efforts against this critical danger, INTERPOL has issued a Purple Notice alerting police in all its 194 member countries to the heightened ransomware threat.
In that vein, U.S.-based consultant Diane Brooks has spoken out about the importance of cybersecurity in healthcare—sharing several facts that may be surprising to many. Here are some of them:
- The number of reported data breaches, with the exception of 2015, has increased every year since 2009, according to data published in HIPAA Journal. This includes an increased number of attempts, an increased number of files and databases to breach, and an increase in the profitability of succeeding in such an attack.
- The average HIPAA penalty in 2018 for a data breach is a bit more than $2.5 million. This does not include settlements. It should be noted that total penalty amounts for each year and the number of penalties imposed are both trending upward as well. The U.S. Department of Health & Human Services’ Office for Civil Rights is taking this problem extremely seriously—and so should your organization.
- The number of records breached each year, while it varies wildly based on the severity of attacks that year, continues to number in the millions or tens of millions. That’s a lot of patients, and it’s hard for people not to be affected by it (and become angry if they find out).
The Causes of Data Breaches and Poor Cybersecurity
To solve the problem, one must first identify the problem. Thankfully, we have the data available to help us do that:
- Human error is the No. 1 cause of cybersecurity breaches. This remains true for every industry and showcases the need for organizations to take control and either create a standardized cybersecurity policy or properly enforce the policies they do have. The HIPAA Journal noted that 61% of firms found senior-level executives to be potential security issues.
- According to a Ponemon Study, 54% of healthcare associates state that employee negligence when handling patient information is their biggest problem. No matter what systems or policies are in place, unless everyone is on board with the cybersecurity plan, it isn’t going to be safe for patient data.
- Another major problem is that these are extremely complicated systems, and there aren’t always enough people up to the task of protecting them. According to the ISACA State of Cyber Security Report, 27% of healthcare companies stated they couldn’t find suitable cybersecurity candidates.
- Related to this, the Thales Data Threat Report found that 53% of firms said the complexity of the systems they were working with was the major factor holding them back.
- Ultimately, firms and companies will need to dedicate more permanent resources toward cybersecurity and IT strategy in general. Shockingly, according to a Black Book cybersecurity survey, 91% of hospital boards rely entirely on consultants to determine their IT strategy. Simply put, it isn’t a part-time problem, and hospitals will need to dedicate more resources to finding full-time IT staff.
In conclusion, there’s no shortage of things to be concerned about when you work in healthcare—especially given the COVID-19 pandemic. Don’t let cybersecurity be one of them. Keeping the above statistics and recommendations in mind, take some action now, even on just a personal level, and you can help remove a threat to both your life and your workplace.
Diane Brooks is an executive with Broadbandsearch.net. Questions and comments can be directed to 24×7 Magazine chief editor Keri Forsythe-Stephens at [email protected]