New risk to cybersecurity in healthcare: Hacker as a service
Health IT and hospital security professionals must try to stay ahead of cyberattacks against electronic patient records. But now hackers are prepping the next generation.
Probably going back to the time of Sherlock Holmes, crime fighters have known an unfortunate truth: Just when it seems that they have the bad guys under control, the rogues develop a new wrinkle that messes up the plans.
That axiom arose for me when pondering the current state of cybersecurity in healthcare. Since 2016 -- when cyberattacks against hospitals started to increase alarmingly -- health IT professionals have worked hard to counteract hacker breaches, malware attacks, employee errors and other intrusions into electronic patient data systems. IT folks have updated or implemented new security measures, applied software patches and boosted staff training when necessary.
Then a curve ball was thrown when one of SearchHealthIT's contributors, Nicole Lewis, interviewed analyst Lynne Dunbrack for a feature story in this issue of Pulse on cybersecurity in healthcare. Lewis learned that veteran hackers are giving back to their underground community. In a weird twist on the "blah-blah as a service" model that's popular across the high-tech industry, hackers have made their experience and tools available -- for a fee, naturally -- to a younger generation of cybercriminals.
It seems that even hackers can act as mentors.
Even hackers, unfortunately, can be mentors.
No doubt, this new wrinkle will increase the electronic security threats for hospitals and other healthcare facilities. It's well-known that stolen patient records are worth more than stolen credit card numbers, and now younger hackers will have easier access to illicit tools that may allow them to target a very sought-after industry.
In this issue, you'll also find research that indicates hackers, using tools such as malware and ransomware, were responsible for 37% of breaches involving patient data in 2017. Yikes! There's already a lot of unsavory action like that going on in this area without further encouragement from bad guys offering mentoring services.
The good news: As IT and security people become more aware of the risks to cybersecurity in healthcare, their defenses will get stronger. Let's also hope a little luck shines upon hospitals as they face a potentially growing militia that wants to steal or disrupt patient data.