Healthcare IT News: Hackers will target hospitals like never before in 2017
May 29, 2017
With Bitcoin allowing attackers to stay anonymous, and a bulls-eye painted over the industry, time to get prepared is running out, group says.
Global spending on cybersecurity in healthcare is set to surpass $65 billion by 2021 but the real problem isn’t how much healthcare organizations spend — it’s how much they don’t, according to new research from Cybersecurity Ventures published Thursday.
That’s because ransomware and other cybercriminal attacks are going to get a lot worse before they get any better, said Matt Anthony, vice president of incident response at the Herjavec Group, which sponsored the report.
“In 2017 healthcare providers are the bull’s-eye for hackers,” the report noted.
Bitcoin, in fact, has enabled and encouraged criminals to pursue ransomware attacks, Anthony said.
“Bitcoin is the engine for cybercriminality, and as long as there is an anonymous way for criminals to get paid, it’s not going to get better anytime soon,” he said. “It’s a winning combination for organized crime – not necessarily Italians in smart suits and fedoras, either. There are large organized communities in China and Russia.”
Anthony explained that the convergence of vulnerable legacy hardware and software systems and the emergence of connected health, Internet of Things devices that are not always built with security in mind, and the super-identity criminals can steal, all make healthcare more attractive to hackers than any other sector.
And the motivation for hospitals to pony up after a ransomware attack is acute since they are often unprepared, underfunded, bogged down by legacy systems and, most important, really need the data cybercriminals just encrypted.
“Hospitals will pay, they’ll pay fast and they’ll pay what it takes to get data back,” Anthony said. “We ask people not to pay but sometimes there’s no alternative in healthcare.”
The report also projected that ransomware damages will reach $1 billion.
Another significant problem is that even healthcare organizations with a data backup strategy in place either lack an effective plan to restore that data in a useable fashion or do not bother to test backup and restore at least twice a year, Anthony said.
“If they’ve never faced a bad attack, hospitals might be complacent about testing restore technology,” he said.
Anthony said that access management tools and practices are starting to improve, governance teams are taking a sharper look at security than they did before, and hospital IT departments are increasingly turning to cloud services for proactive monitoring, log aggregation and alerting, but they need to get better at all of those more quickly than they currently are.
Originally posted on healthcareitnews.com
About Herjavec Group
Dynamic IT entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group delivers SOC 2 Type 2 certified managed security services supported by state-of-the-art, PCI compliant, Security Operations Centers, operated 24/7/365 by certified security professionals. This expertise is coupled with leadership positions across a wide range of functions including consulting, professional services & incident response. Herjavec Group has offices globally including across Canada, the United States, and the United Kingdom. For more information, visit www.herjavecgroup.com.