Healthcare vs. Hackers: Nobody has Died (Yet)

A few years back I had a lunch meeting with two IT Security veterans. One remarked, “There’s been no Pearl Harbor or 9/11 in cyber security. Nobody has ever died because of hacking.” If there was, there would have been a “rallying cry” or a massive response.But those two examples may be the wrong ones to compare to cyber crime. Perhaps cybercrime is more akin to the mafia. The deaths caused by mafia activities didn’t have the same goal as the 9/11 terrorists or the attack on Pearl Harbor. Instead, they expunged those who either stood in their way or acted as an inconvenience to their activity. Cybercriminals, like mafia bosses, seek only money. Imagine $1.8 billion profit for a successful CEO email phishing scam. The profit for stealing just one medical record is tremendous.The true cyber criminals - hacktivists aside - don’t want anyone noticing their activity. Explosive media coverage directly hinders their goal, unlike the 9/11 terrorists, who use the media to feed their success, measured in fear. Cyber criminals want an unsuspecting public. Even more, cyber criminals constantly think up new ways to get around security - it is not enough to secure a system once and assume it will remain impenetrable. They target systems and users that are easy to fool. They seek to exfiltrate with the goods easily, without causing detection or alarms. And this path of least resistance is remarkably effective.Unfortunately, the healthcare industry fits this bill to the tee. Medical systems are both some of the least secured and most profitable targets for hackers. The data they hold is extremely sensitive, and the computer systems are often necessary in advanced scans and procedures. Having these systems brought down could mean the worst for patients in dire need of immediate care. The hackers, though, won’t take the humanitarian side.The WannaCry ransomware attack of 2017 hit a large number of hospitals in the U.K. especially, and a number of other unnamed medical facilities worldwide. This attack represented the first ransomware to hit hospitals, but cyber attacks are no stranger to the medical system. Whether it is a small healthcare practitioner office or a large hospital providing critical medical support, an attack on computer systems can result in a halt of care that can be devastating.Will there be deaths directly related to cybercrime in the future? Hopefully not, but with the vast profits in hacking, criminals aren’t going to worry about innocent people getting hurt from a hospital system going down.NetWorks Group help organizations detect and respond to advanced cyber security threats through a powerful combination of our proprietary threat detection platform, expertise and security tools. Contact us today to learn more about how we can help you secure your enterprise.