As threats grow, federal and state governments are seeking to bolster local government cybersecurity through funding.
The healthcare industry is suffering from an increasing number of attacks by cybercriminals.
According to data released by the Cyber Threat Intelligence Integration Center (CTIIC), last year, the number of victims of ransomware attacks in this sector in the United States reached 258. This represents a 128% increase from 113 in 2022, according to CTIIC.
Separately, Emsisoft Reported in January Specifically, U.S. hospital systems experienced ransomware attacks nearly double last year compared to the previous year, growing from 25 hospital systems in 2022 to 46 hospital systems in 2023.
The healthcare industry is facing increasing attacks from cybercriminals. (iStock/iStock)
Of the hospital systems attacked last year, more than 140 were negatively affected by ransomware incidents, according to a survey by a software company.
Ascension Health, the largest Catholic hospital chain in the U.S., suffers cyberattack, disrupting operations
In an interview with FOX Business this week, cybersecurity expert Scott Shawver, CEO of Berkeley Varitronics Systems, said the increase in cyberattacks the healthcare industry is experiencing has to do with the value of personal information that could be stolen.
“When you look at the personal information in the leaked data, there is some value in that,” he explained. “If you’re a small business and you get a bunch of credit card numbers or Social Security numbers, that’s valuable, but that value is diluted by the billions of records that were leaked. But when you compare this to the medical sector, that personal information is very rich and very valuable.”
Schober said cybercriminals could use the personal information from stolen medical records to commit health care fraud or identity theft, or sell it for a much higher price than, for example, a credit card number.
According to a report by Emsisoft, of the 46 U.S. hospital systems that were attacked by ransomware last year, more than two-thirds had some information stolen in the attack.
The healthcare industry is facing increasing attacks from cybercriminals. (Annette Riedl/Photo Alliance via Getty Images/Getty Images)
Cybercriminals could have more leverage to demand ransoms from hospitals and other healthcare organizations, because disruptions from cyberattacks could put lives at risk and disrupt vital medical services, according to the CEO of Berkeley Varitronics Systems.
There have been cases where ransomware attacks on healthcare facilities have caused service outages, delayed medical procedures, diverted ambulances to other hospitals, made it difficult to access records, and caused other disruptions.
For more information on FOX Business, click here
Shawver also told Fox Business that hackers these days have incorporated a “one-two punch” into their ransomware attacks, such as “stealing” data and potentially copying and then encrypting it in order to demand a ransom.
This year has also seen ransomware attacks against hospitals and other organizations in the healthcare sector, with some of the most notable attacks including Ascension Health and UnitedHealth’s Change Healthcare division.
How a targeted cyberattack from a few years ago shaped public perception of cybersecurity today
Some hospitals have been “aggressive” in strengthening their cybersecurity defenses “to try to avoid being victimized,” Schober said, but in many cases they’re victimized after they’ve been victimized.
The healthcare industry is facing increasing attacks from cybercriminals. (iStock/iStock)
“I know a lot of hospitals are looking to do a full awareness and education initiative to improve their cyber posture because that alone will minimize the risk of a system breach,” he said, pointing to other methods such as multi-factor authentication and limiting remote access.
UnitedHealth CEO details root of cyberattack, working around the clock to ‘solve’ it
The overall threat of cyber incidents also weighs heavily on companies outside the healthcare industry.
A report published in January by Allianz Commercial, based on a survey of more than 3,000 companies, industry associations, risk management experts and others from various sectors, identified cyber incidents as the “biggest business risk” for 2024. More than a third of respondents, 36%, said cyber incidents were their biggest threat.
This outweighed other risks such as business interruption, natural disasters and regulatory change.
