A new strain of ransomware has surfaced that is targeting hospitals. Being called “Crysis”, this new malware not only encrypts a hospital’s files, it then uploads that data to the hackers’ servers. As you can imagine, this has hospitals less concerned about if they should pay the ransom, but the HIPAA nightmare this creates. This is only the latest in a long string of ransomware and data breaches targeting the healthcare industry. It highlights how important security should be to those entities, but also how slow they are to implement it.
In 2015, information security spending around the world increased 4.7% over the previous year to $75 billion. Unfortunately, while financial institutions spend 15% of their IT budget on security, medical facilities spend less than six. That’s not nearly enough to keep patient medical data safe.
The silver lining is that it appears with all the attacks within the healthcare industry, they seem to finally be catching on. According to the 2015 HIMSS Cybersecurity Survey, 87% of those who responded had seen an increase in their security spending. Unfortunately, however, a lot of the technology being invested in is outdated and still leaves them open to potential attack.
Most medical facilities are still hoping that firewalls, anti-virus software, and data encryption is enough to keep out hackers and protect patient files, but that is no longer the case. It’s far less likely to see newer technologies like data loss prevention tools, intrusion detection, multi-factor digital identity, and dynamic biometrics being used.
Information security is a widely overlooked and crucially important part of IT in the healthcare industry. Having some of the weakest security while at the same time having some of the most valuable data available, means that are a prime target for cybercriminals all over the world.