Cybercriminals target healthcare for personal health information
231 views

Cybercriminals target healthcare for personal health information

Healthcare organisations face rising phishing and remote access attacks.

Healthcare has become a prime target for cybercriminals, with each breach costing more than $10 million on average. The key reason is simple: valuable data. 

"Well, you've got to take it a step back and actually answer the question, what is it that hackers are actually after? It's actually data, because in this day and age, data is actually money," said Ashwin Pal, Partner for Cyber Security & Privacy Risk Services at RSM Australia.

"Personal information can be used to sell it on the dark web, which can then be used to get credit and things like that," Pal explained. Additionally, personal health information, which is highly sensitive, can be exploited for malicious purposes, such as blackmail.

Two of the most common types of cyberattacks targeting healthcare organisations are phishing and remote access exploits. Phishing attacks involve sending deceptive emails to trick recipients into revealing valid credentials, such as usernames and passwords, which hackers then use to infiltrate healthcare systems. 

Remote access attacks, on the other hand, take advantage of vulnerabilities in organisations' remote access systems, allowing hackers to breach systems from anywhere in the world. “Remote access has two key issues. One is, obviously, anybody can use that mechanism to get into an organisation from anywhere in the world, and it's actually got that level of anonymity almost,” Pal explained.

To counter these growing threats, Pal recommends a multi-layered defence strategy focusing on people, process, and technology. “On a people front, you need to be educating your users to make sure that they don't actually fall victim to these types of emails,” Pal advised, stressing the importance of employee awareness and training.

In terms of processes, healthcare organisations should implement strong policies and procedures, along with regular training, to ensure users know what actions to take. However, human error remains a risk, which is why Pal emphasised the need for technological defences. “There are a number of technological solutions that could be employed,” he said, listing critical tools such as endpoint detection and response (EDR) solutions, email and web filtering, and multi-factor authentication (MFA).

“If somebody is trying to steal your password, without that second factor, it'll be difficult or impossible for them to actually get in,” Pal explained. Other technologies, like data leakage prevention and secure remote access solutions, are also essential in safeguarding healthcare data from cybercriminals.
 

Follow the link for more news on

Join Healthcare Asia Magazine community
Since you're here...

...there are many ways you can work with us to advertise your company and connect to your customers. Our team can help you dight and create an advertising campaign, in print and digital, on this website and in print magazine.

We can also organize a real life or digital event for you and find thought leader speakers as well as industry leaders, who could be your potential partners, to join the event. We also run some awards programmes which give you an opportunity to be recognized for your achievements during the year and you can join this as a participant or a sponsor.

Let us help you drive your business forward with a good partnership!