“Health is now the number one target for ransomware around the world – more so than Finance, Retail, Transportation and Manufacturing,” says Liz Schoff, Security Consultant at healthAlliance. “The value of a health record on the dark web can be as much as USD $100, compared to just a few dollars for a black-market credit card number,” she adds. “The reason is when a credit card number or bank account number is compromised it can pretty quickly be shut down and not used again, but health information sticks with people forever,” she explains. “The value of stolen or ransomed health information remains the highest and that’s why we continue to get targeted the most,” she adds.
In today’s world you cannot run a hospital without computers. Patient information is held online, and computers are used to run various essential operations every day. “There have been instances where hospitals have been forced to pay when a cyber-criminal has managed to encrypt a hospital network and demand a ransom,” says Ms Schoff. “It is absolutely critical for us to make sure that all of our staff understand how to identify phishing emails and not have a behaviour that could lead to a compromise of our network,” she adds.
These behaviours could be clicking on links, giving away one’s credentials or downloading attachments that might have viruses. “Even though there are technologies to reduce risks by looking at attachments before they are downloaded, or by checking websites before you allow someone to visit them, cyber-criminals are always innovating and they’re getting smarter,” says Ms Schoff. “It’s really hard to have technology that’s 100% up to speed, so having an educated staff is absolutely the best defence a hospital can have,” she adds.