Healthcare Organizations Main Target for Hackers in 2017

Experian’s Data Breach Resolution team has released its annual data breach industry forecast for 2017. Experian has evaluated current cybersecurity trends and has made a number of predictions for the coming year.

One of the key predictions is hackers will continue to be laser-focused on attacking healthcare organizations. New attack methods will be used and cyberattacks are likely to become much more sophisticated as healthcare organizations improve their security defenses. The primary target will continue to be the electronic protected health information of patients.

The volume of healthcare data stolen in the past two years has been extraordinary. Figures from the Department of Health and Human Services’ Office for Civil Rights show more than 113 million healthcare records were exposed or stolen in 2015. 270 breaches of PHI were reported by healthcare providers, health plans, and business associates of HIPAA-covered entities in 2015.

2016 has seen fewer records stolen or exposed, although the number of reported data security incidents has already surpassed last year’s total. With just over a month of 2016 still to go, 277 PHI breaches have been reported to OCR. Those breaches have impacted 14,562,019 individuals.

Healthcare organizations will continue to be targeted by hackers due to the high value of patient medical information. Patient data can be used to steal identifies, file fraudulent tax returns, and obtain credit, medical services and prescription drugs. The volume of healthcare data being offered for sale on the darknet has seen the price of health records fall; although cyberattacks on healthcare organizations are still highly profitable and there is likely to be a continuous demand for fresh healthcare data.

Experian predicts hackers are less likely to concentrate on attacking health plans, as was the case in 2015. Instead, they will search for new targets that have weaker security defenses such as hospital networks.

Ransomware attacks on healthcare organizations increased significantly in 2016. Experian expects ransomware to continue to be used to attack healthcare organizations in 2017. Healthcare providers must have access to electronic health records in order to perform healthcare system operations. Experian expects many will choose to pay ransom demands to prevent disruption to services.

The successful ransomware attacks of 2016 have given ransomware authors more funds to invest in developing increasingly sophisticated ransomware variants. Experian predicts healthcare organizations will have to implement a host of new defences as ransomware authors develop new variants that are better at evading detection by current cybersecurity technologies. It has also been predicted that ransomware variants will be developed that are capable of stealing data from healthcare organizations, not only preventing data from being accessed.

Not only will patients be impacted by data breaches, so will healthcare employees. Experian expects hackers to also continue to target organizations to obtain W2 data. W2 phishing attacks increased this year and Experian says the lack of action taken by the IRS to prevent tax fraud means 2017 will see similarly high levels of attacks. Experian also expects CEO fraud to increase in 2017 along with other scams that target employees.

According to the report, “Healthcare organizations of all sizes and types need to ensure they have proper, up to date security measures in place, including contingency planning for how to respond to a ransomware attack and adequate employee training about the importance of security.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.