Sign in

The 5 enemies of healthcare IT security

By: Lisa Marlin

January 28, 2016

We know we have an important job to do in healthcare IT, especially in keeping the greedy little hands of cyber attackers out of the personal files of patients and providers.  A recently released report from Critical Infrastructure Technology backs this up, reiterating that information stolen via healthcare breaches can be used for insurance fraud, identity theft, financial gain or targeted attacks, which can be sold online or used by the attackers for personal gain.

“Healthcare providers, the largest target, are focused on their mission: saving lives,” according to the ICIT report. “Sadly, attackers have seen this selfless dedication to human life as sign of weakness.”

The report says that cyber attackers can be categorized according to their target, tactics, techniques, malware and procedures. The five enemies of healthcare IT security that are listed in the report are summarized in a recent article in Healthcare IT News as:

Cybercriminals are stereotypical attackers, targeting organizations to make money through extortion or the disclosure of compromised data. Ransomware, malware that holds data hostage until the owner pays the monetary award, will be the primary threat to organizations in 2016, especially to mHealth [mobile health] devices and mission critical assets.

Hacktivists are politically-motivated, targeting institutions with opposing political views to their agenda. They most commonly attack with a denial of service method, overloading a server until it crashes. When it comes to healthcare, hacktivists are looking for specific patient data, intellectual property or they’re trying to embarrass the institution.

Cyberterrorists target systems to disrupt or destroy critical services and infrastructure of a specific nation, sector or organization. Attacks on the healthcare sector are designed to frame a lesser hacking group to cause turmoil or cause panic.

Nation State Actors sponsor other threat groups that launch against foreign governments and organizations. They rely on advanced malware customized to their target and often contain rootkits for a persistent presence, encryption to hinder reverse engineering and codes to mask its presence. The healthcare sector is targeted by nation state actors to disrupt service and collect personal data.

Script Kiddies are the least skilled cyber attackers. They purchase, trade and use tools and malware developed by larger attackers. Most of these tools are automated, as the users aren’t technically-savvy, and they enter through opportunistic means, through vulnerable systems.

So, now that you’re armed with this knowledge, don’t let yourself get overwhelmed. Instead let the experts at PrivaPlan help you stay on top of what you need to do to keep cyber attackers from getting in.

A PrivaPlan Membership grants you exclusive access to our acclaimed Online HIPAA Compliance Toolkit. Here, you’ll find hundreds of HIPAA Privacy and Security templates, reference materials and guides, training materials and more that take the guesswork out of compliance.

We’re easy to reach: drop us a line or call 877-218-7707.