
Why is the Healthcare industry more at risk from Cyber-criminals?


Did you know that personal medical data is worth ten to twenty times more to a cybercriminal than any other data type? This statistic is one of the prime reasons that healthcare is the most targeted industry for hackers. However, just like you can minimise your chances of a home break-in by installing security locks, cameras or a big Doberman in the front yard, there are some easy steps that you can take to protect and back up your data to keep it safe.

Why Healthcare Data is Stolen

According to data from the Office of the Australian Information Commissioner (OAIC), the health industry consistently reports the highest number of cyber-attacks, with 54% more attacks reported from July to December 2020 than the finance industry.

We saw an example of this recently, when a cyber-attack brought the Waikato District Health Board in New Zealand to its knees. The attack impacted cancer treatments, testing laboratories, phone, email and other services. In the last month, there have also been attacks on the Irish healthcare system, on Rehoboth McKinley Christian Health Care Services in Arizona and New Mexico, and on Scripps Medical in San Diego.

So why is healthcare data such a prime target for cybercriminals? Stolen healthcare data is used in a multitude of ways, including:

  • It can be used to claim the victim’s Medicare or private health insurance benefits
  • The records are used as proof of identity to fraudulently obtain credit
  • Attackers use the stolen records for extortion or blackmail, as in the case of the WannaCry attack in the UK in 2017

Under the Notifiable Data Breaches Scheme as part of the Privacy Act, ALL health service providers are obliged to take reasonable steps to secure personal information and notify individuals whose personal information is involved in a data breach likely to result in serious harm. The provider must also notify the Australian Information Commissioner of eligible data breaches. 

Digitalisation of Healthcare

To deliver outstanding patient care and meet the growing expectations of consumers, the industry has shifted towards electronic patient records and more modern systems. This evolution has improved the patient’s experience and made the clinician’s life easier – they have the information they need when they need it to deliver care promptly.

But how is this data stored? Regulations require you to keep health records until the patient is 25 if they are under 18 and for seven years if they are over 25. Technological advancements allow us to gather more health data than ever before, which must be stored securely and accessibly for an extended period. The challenge is to ensure that your approach to backing up and protecting data evolves alongside your system upgrades.

Currently, many practices are still using physical media to store and back up their data, or don’t have a system in place at all. Whilst this approach can seem cost-effective, people falsely assume their data will be safe when stored off-site. However, physical media is at risk due to:

  • Data degradation due to dust, heat, electromagnetic forces, wear and tear
  • Physical threats – water damage, fire, being lost, stolen or discarded
  • Difficulty meeting regulations around deletion of information relating to individuals who no longer do business with you or deletion of information upon patient/user request

Protecting your Data Accessibility & Availability with Back-Ups

The importance of backups, data protection and business continuity in healthcare cannot be overstated. Take the current situation in New Zealand as a cautionary tale. Elective surgeries have been cancelled, outpatient appointments have been deferred, and authorities are asking only urgent cases to present to the emergency department. Four weeks after the cyber-attack, the Waikato DHB was still not operating at full capacity, with no indication of when full services could resume. In some departments, they’ve had to revert to paper-based systems.

With healthcare organisations relying heavily on data to ensure effective patient outcomes, one incident could be catastrophic. Health IT can help you keep your critical information safe, ensure that you always have a whole-system back-up available in case of emergency, and minimise downtime. We use the Essential Eight as a guideline for best practice to:

  • Prevent malware delivery and execution
  • Limit the extent of cybersecurity incidents
  • Recover data and system availability

As healthcare becomes increasingly digitalised, data security needs to be a top priority. Cyber-attacks are becoming more sophisticated; it is worthwhile engaging the services of a good provider who understands your needs and can put your patients first.
