How Cyber Breaches Affect Healthcare Organizations

How Cyber Breaches Affect Healthcare Organizations
Author’s Name
Institutional Affiliation
Course Code and Name
Professor’s Name
Date

How Cyber Breaches Affect Healthcare Organizations
In October 2020, after the Federal Bureau of Investigation (FBI) raised an alarm of significant ransomware distributed by Russian-speaking cybercriminals, about six hospitals were affected by Ryuk ransomware within 24 hours (Middaugh, 2021). Indeed, it shows the magnitude of the issue of cyber breaches in the healthcare industry. Recently, cases of cyber-attacks targeting hospitals have been on the rise. Cybercriminals know that numerous healthcare facilities are busy taking care of people infected with the coronavirus. As such, they are taking advantage to search for vulnerabilities in hospitals' computer networks due to the high potential of financial gains. Some of the cyber attackers want to obtain patients' data so that they can sell them on the black market. Others want to ask for a lump sum from the healthcare facilities affected so that they can restore hospitals' daily operations. Besides, another category of cyber attackers wants to manipulate patients' data without being identified. Regardless of the hackers' intentions with patients' data, cyber breaches affect healthcare organizations adversely.
Cyber breaches targeting healthcare institutions are rapidly increasing in the 21st century. During this time when the world is fighting against COVID-19, hackers have taken the opportunity to search for security loopholes or vulnerabilities of computer systems of healthcare facilities (Abraham, Chatterjee, & Sims, 2019). Some cyber attackers have joined hands to distribute malware programs to numerous hospitals so that they can benefit financially. These hackers are using ransomware to encrypt data on hospitals' computer systems, which makes patients' billing information and other records inaccessible (Middaugh, 2021). When they do so, they ask hospitals to pay an exorbitant amount of money to access their patients' data. Since numerous healthcare facilities do not want their operations to be disrupted, they are obliged to pay the lump sum. Hackers are targeting hospitals as opposed to other businesses since they know that healthcare organizations have a high likelihood of paying a hefty amount of money since many people's lives depend on their services. Cybercriminals perceive the coronavirus pandemic as an opportunity to exploit, launch cyber-attacks, victimize, and benefit from hospitals financially. At the beginning of the COVID-19 pandemic, they used phishing emails, but many healthcare facilities managed to avoid the problem through campaigns to prevent physicians from falling prey to hackers' tricks.
The increase in the rate of cyber breaches in hospitals threatens patients' safety and healthcare service effectiveness. Some hackers are not interested in financial gain, but they want to hack, modify patients' data, and remain in the computer system for an extended period. Such cyber attackers are dangerous since they manipulate the information that doctors and other health professionals rely on to suggest proper treatment methods to their patients. In May 2020, the American Hospital Association (AHA) reported that cyber breaches affecting hospitals "are threat-to-life crimes because they directly threaten a hospital's ability to provide patient care, which puts patient safety at risk" (Middaugh, 2021, p. 65). Patient health information is a gold mine since it can be sold 10-20 times more money than any other form of data, such as social security and credit card numbers. At this juncture, many hospitals have implemented electronic health recording systems and over-rely on them in their daily operations. In other words, without these computer systems running, healthcare facilities cannot operate, and many of them will be forced to halt their operations. The most successful form of cyber breaches, which accounts for over 70% success rate, is ransomware since these malicious programs encrypt data on the affected computers, and hackers demand money to decrypt it (Middaugh, 2021). As such, hospitals' cyber breaches are significant problems that threaten patients' lives, safety, and tamper with healthcare services' effectiveness.
Healthcare technologies have broadened their scope and involve the storage of patients' data in electronic health records (EHRs), telemedicine technologies, and devices for monitoring individuals' health. Technological devices in the healthcare sector continue to evolve, hence increasing their interconnectivity. For example, hospital beds in the United States of America (USA) have about 10-15 devices (Coventry & Branley, 2018). Although the increase in hospital device interconnection facilitates error reduction, remote monitoring, and increase efficiency, it raises cybersecurity vulnerabilities. Millions of medical records have been stolen globally due to increased cyber breaches targeting the healthcare sector. Before the widespread use of malware, hackers used social engineering to trick health professionals through phone calls or emails to provide specific information that would enable them to gain access to the hospital computer system. However, hackers keep changing their tactics to increase their potential of accessing patients' data (Abraham, Chatterjee, & Sims, 2019). Healthcare facilities should realize that they are the primary targets of cybercriminals so that they can implement security measures to safeguard patients' information.
The rise in hospitals' computer systems' vulnerabilities is caused by the increased technology interconnectivity, continuous patient monitoring, and the increased use of smartphones (Coventry & Branley, 2018). For example, many wearable devices that patients are encouraged to use, such as smartwatches, are interconnected or send information to owners' smartphones. While numerous healthcare facilities are spending more money to implement proper technologies to facilitate medical services' effectiveness and efficiency, they are not ready to spend money to maintain these systems. In other words, hospitals are not using their funds to update their computer systems, and some do not have information technology security experts to monitor their systems and ensure that patients' data is safe (Lallie et al., 2021). That is why cyber attackers are motivated to hack hospitals' computer systems due to their increased vulnerabilities and the financial gain associated with patients' information. Healthcare data is more valuable. Stolen medical identities can be used to prescribe medications to drug addicts. When patients' data are sold on the dark web, fraudsters use them to conduct organized crimes, such as dispensing drugs, opening bank accounts, obtaining passports, and securing loans (Lallie et al., 2021). Moreover, data stored by health organizations have political value, and it can be used to tarnish individuals' or hospitals' reputations. Although hospitals cannot guarantee 100% safety of patient's data, they can eliminate cybersecurity vulnerabilities by increasing the resilience of their computer systems (Coventry & Branley, 2018). Consequently, cyber hygiene can be maintained through a regular system update, maintaining system resilience, monitoring the system regularly, and keeping a secure backup.
Cyber...