Cybersecurity training provider KnowBe4 has released documentation showing how the US healthcare industry has become a “top target” of cyber attacks in recent years.
The report found that the surge is due to the sensitive information the industry contains.
This information includes medical data, personal information and financial records of patients and organizations.
Ransomware in the Healthcare Sector
Common cyber attacks the industry receives involve ransomware, extortion software used to demand payment in exchange for system access or data that has been encrypted by hackers.
Hackers use ransomware to take advantage of Protected Health Information or PHI and other private data exposed to the internet.
This PHI is used to commit fraud, identity theft, and reputational damage. Furthermore, it can hamper facility operations, resulting in patient care delays and risks to patient’s lives.
KnowBe4 observed that ransomware attacks surged over the past three years due to the global impact of the COVID-19 pandemic and its aftermath.
Two years ago, the company recorded 92 ransomware attacks on healthcare groups, affecting approximately 600 healthcare facilities and compromising over 18 million patient records.
These attacks account for a 470 percent increase in ransomware activity since 2019, making health care the top sector targeted
A ‘Strong Human Firewall’ Solution
KnowBe4 noted that a contributing factor to these breaches was the industry’s lack of cyber capabilities and awareness.
According to the report, most organizations allocate less than six percent of their IT budget to cybersecurity, preventing their in-house experts from gaining more knowledge to identify and report current threats.
A benchmark study added that the healthcare and pharmaceutical sectors had rates of phishing vulnerability after running simulated security tests with their cyber assets.
Regular cybersecurity training for a year or more dropped their “Phish-prone Percentage” from 38.3 percent to an average of 5.1 percent, demonstrating the effectiveness of preparation for related exploitations.
“The US healthcare system is an essential pillar to so many of our lives, which is what makes this trend so alarming,”
“Although this trend is sure to continue, it is important to remember that within the industry, healthcare employees are the sector’s largest attack surface, making security awareness training a vital tool to defend against cybersecurity threats.”
“An educated workforce forms a strong human firewall, which is key to practicing safe cyber habits and building a strong security culture.”
“For the US healthcare industry, this could result in employees around the country making proactive security decisions that lead to less attacks, driving the trend down while protecting the privacy of patients.”