The thriving synergy between the web and its users has come with a number of downsides. Among them is the growing number of cyberattacks, and healthcare is one of the most affected industries. According to Symantec’s 2017 Internal Security Threat Report, the number of system breach incidents reported in the healthcare sector grew astronomically in 2016 to 328 up from 269 cases the previous year.
Mandatory Breach Reporting
The report indicates that the total number of breached records reduced significantly to 16.7 million in 2016 from 113.3 million in 2015. The recently enacted Health Information Technology for Economic and Clinical Health (HITECH) Act is a key component of the American Recovery and Reinvestment Act (ARRA). The act makes it mandatory for organizations to report any cyberattacks on their systems. The organizations covered include health plans, healthcare providers, and their corporate associates.
Breaches that encompass more than 500 records must be reported within two months so that they can be published on the Health and Human Services’ journal’s “wall of shame.” This provides information pertaining to the nature and extent of health data breaches alongside emerging trends as far as cyberattacks are concerned.
Perpetrators of cyberattacks have attained new levels of ambition. 2016 alone was marked by daring attacks that included million-dollar virtual bank raids, huge distributed denial of service attacks on IoT devices, and unconcealed attempts to unsettle the US Presidential Elections by state-sponsored groups. In as much as the perpetrators of any cyberattack manage to create an unprecedented level of disruption, they often use simple tactics and tools.
How a Cyberattack Can Be Conducted Using Simple Tools and Tactics
Initially, a cyberattack used to be carried out using sophisticated malware. Things have changed because hackers are using simpler tools in an attempt to hide their malicious activities. Hackers currently rely on forthright approaches, including the use of spear-phising emails and legitimate network admin software to operate system features. Experts point out that Mirai, which is the main botnet behind most cyberattacks, is mainly composed of adulterated security cameras and routers and other poorly secured, low-powered devices.
Healthcare organizations have become vulnerable to email-borne ransomware. Generally, healthcare firms have a significantly lower security posture since they mostly focus on patient health. This means they are under a lot of pressure as far as the restoration of data and services is concerned, which explains the sharp increase in the number of cyberattacks.