News Feature | December 19, 2014

Healthcare More Vulnerable To Cyber Attacks In 2015

By Katie Wike, contributing writer

Government IT News For VARs — December 17, 2014

The start of a new year won’t stop hackers from attacking the healthcare sector – in fact, cyberattacks are expected to increase.

Phishing emails and ransomware are some of the top threats to healthcare security in the coming year, according to John Moore of Chilmark Research. He writes in an article for iHealth Beat that industry experts “say attackers believe hospitals and health systems hold a wealth of data, from credit card information to demographic details to insurance beneficiary data. The notion that healthcare trails other industries in IT security may encourage attempts to seize those data.”

Phyllis Teater, CIO and associate vice president of health services at the Ohio State University's Wexner Medical Center, adds, “The threats continue to mount ... at a time when all of healthcare is looking to reduce the cost of delivering care.”

According to Fierce Health IT, phishing emails lure recipients into giving out information such as passwords, usernames, and credit card numbers. Phishing emails are often an entry point into the network, and it’s harder to identify a phishing email than you would expect. “They are much more sophisticated in terms of crafting them and targeting them to users and making them more difficult to detect,” says Scott Koller, a lawyer at BakerHostetler who focuses on data security.

Ransomware allows cybercriminals to hold data hostage while they demand payment to unlock it. They often expect to be paid in Bitcoin, a digital currency that is difficult to track. According to an article on NPR, “Ransomware uses the anonymous online network Tor to conceal all communication between the attacker and victim. That way, for example, the CEO and IT support can't blame a specific employee, or help the employee.”

Security priorities for the coming year include:

  • Encryption and mobile device security;
  • Two-factor authentication;
  • Security risk analysis;
  • Advanced email gateway software;
  • Incident response management;
  • Expansion of IT security staff; and
  • Data loss prevention (DLP) tools.

“Encryption very much needs to be on everybody's radar,” Koller says.