While it’s often assumed that only the financial and e-commerce industries require robust cybersecurity, other sectors like healthcare are also prime targets for cybercrime. This is particularly concerning, given that patient data is highly sensitive and must be kept confidential. Therefore, it’s not just the financial and e-commerce sectors that need to focus on cybersecurity; other industries like healthcare must also ensure that their security systems are well-integrated and capable of protecting the data they hold.
The issue of cybersecurity has gained more attention with the onset of the global pandemic. Many industries have felt the negative impact when their systems and infrastructure are not well-secured. However, so far, it’s primarily financial service industries like banking or fintech and e-commerce services that have been visibly focused on developing cybersecurity. Yet, other industries also need reliable cybersecurity to protect their data and systems.
In early 2022, the Indonesian public was shocked by allegations of a data breach in the healthcare industry. Surprisingly, the patient data breach did not occur in a hospital or insurance company but happened on the server of the Ministry of Health. This is, of course, a significant concern, considering that patient data security is a top priority for the healthcare industry.
The data breach incident began when a member of Raidforum, an international online forum, sold part of a 720-gigabit data set named ‘Astarte.’ The member claimed that the data consisted of detailed medical records of patients in Indonesia. According to the hacker’s statement, the last data taken was from December 28, 2021.
Cybercrime in the healthcare industry is not unique to Indonesia; it also occurs in other countries. For example, on January 1, 2022, a healthcare service provider in Florida, USA, named Broward Health confirmed that they had fallen victim to cybercrime. More than 1.3 million patient records were deleted by the criminals from the system on October 15, 2021. The stolen data included individuals’ names, addresses, birth dates, SIM numbers, Social Security numbers, financial information, insurance details, and other medical information.
According to an official statement from Broward Health, the intrusion and data theft occurred in a third-party company contracted by Broward Health to provide medical data technology services. The vendor was allowed to access the system used by Broward Health. However, that’s where the disaster occurred, leading to the theft of patient data.
Both cases show that the healthcare industry has not yet given serious attention to patient data security. In a study by the non-profit Cyber Peace Institute, data from more than 235 cyberattacks against the healthcare sector in 33 countries during 2021 were analyzed. The result: over 10 million records were stolen by cybercriminals. The stolen information included critical data such as social security numbers, patient medical records, financial data, HIV test results, and even medical donor data. On average, there were 155,000 records breached in each data violation case in the healthcare sector, and this number could be much higher.
What Makes Patient Data Valuable?
Patient data is valuable because hospitals store a vast amount of confidential data. These secret data can be sold at a high price by hackers. Moreover, these data are also easily sold to interested parties. This is what makes the healthcare service industry a prime target for the ever-growing cybercrime.
Medical devices like X-rays, insulin pumps, and defibrillators play a crucial role in modern healthcare. However, for those responsible for online security and patient data protection, these continually innovating healthcare devices also open up more entry points for cyberattacks. Even though medical devices are not used to store patient data, they can still be used to launch attacks on servers holding valuable information. In the worst-case scenario, medical devices could be entirely taken over by hackers, preventing healthcare providers from delivering vital care to patients.
Given the magnitude of the threat facing the healthcare industry, players in the sector must do better in managing cybersecurity. The first step that can be taken is to improve existing cybersecurity systems. Cybersecurity in the healthcare industry is still not well-developed due to a lack of trained and skilled human resources in this field. Therefore, the healthcare industry needs more people who can be trained and employed to manage reliable cybersecurity.
In addition to increasing investment in cybersecurity, healthcare companies must also manage their cybersecurity infrastructure well. This can be done through penetration testing programs to test the strength of security systems, conducting vulnerability assessments to find weaknesses, and regularly updating systems. Moreover, the human aspect is also a crucial factor in cybersecurity practices. Organizations need to build and maintain awareness and training for all staff related to cybersecurity and commit to incident handling procedures and standards.
Don’t let your patient data become a target for cybercrime. As a cybersecurity company offering penetration testing services, we are ready to help secure your company’s systems and infrastructure. Contact us now and make patient data security your top healthcare service priority.