Healthcare Cyberattack: The Argument for Cloud-Based Software
Target faced public furor when 40 million credit and debit cards were skimmed by hackers in 2013. A year later, Hollywood’s movers and shakers were humiliated when hacked information from Sony Pictures was posted online. A data breach at Equifax in 2017 compromised the personal information of 143 million Americans created an uproar. Still, for every cyberattack that makes headlines, there are thousands that never get further than the boardroom.
That’s why it was refreshing when Hancock Health CEO Steve Long was transparent in communicating about that company’s January 11, 2018 healthcare cyberattack. In his blog post, Long relayed four days of nail-biting events that involved ransomware, Bitcoin payoffs, the Dark Web, the FBI, and dedicated teams of IT professionals who battened down the hatches, implemented disaster response protocols, and got the systems back up and running. All the while, Hancock Regional continued to care for patients.
Hancock Health’s ransomware was deployed by Eastern Europeans who had hacked a vendor’s login credentials, but it can also infect systems via phishing emails, malvertising, or malicious links. With ransomware, hackers typically encode files and then only send decryption keys once the ransom is paid. Businesses that rely on data for their daily operations – such as healthcare facilities – typically opt to pay the ransom to get back online as quickly as possible.
Healthcare Cyberattack: Other Forms
Ransomware is just one type of healthcare cyberattack plaguing facilities. Data breaches – such as the 2015 Anthem hack that stole 80 million patient records – are even more common. Breaches can be triggered by a variety of events, some as nefarious as malware and others as benign as a lost notebook computer. Some analysts claim that the value of stolen health information is twice that of stolen credit card information, since credit cards can be canceled and reissued, but health data lasts a lifetime.
A different class of healthcare cyberattack, denial-of-service and distributed-denial-of-service, seeks to overwhelm a system. Dos and DDoS attacks are expected to gain a greater foothold in the healthcare sector as more facilities embrace Internet of Things technology. Medical devices equipped with Wi-Fi, for example, are vulnerable to infections that can lead to DoS or DDoS attacks.
Some information technology experts have argued that local systems and servers are especially vulnerable to cyberattacks, as compared to cloud-based systems. Their rationale is that the largest cloud providers – think Amazon, Google, and Microsoft – have so much at stake that their cybersecurity is locked down tightly.
When a facility is targeted by healthcare cyberattacks, all internal communications are vulnerable. A good mix of local systems and web-based solutions can keep the facility up and running until it’s able to banish the hackers.
MDsyncNET’s cloud-based system offers the security of the cloud paired with the convenience of an internet-based application. Accessible from any connected device, MDsyncNET’s platform for physician scheduling software, secure messaging, virtual phone directories, and file management ensures that critical business processes are accessible 24/7.