If you’ve been paying any attention, you’ve seen that the healthcare industry is under a constant threat from phishing attacks that lead to ransomware. Every week it seems there’s another healthcare organization hit with a data breach or ransomware. The question is, why? And now we know the answer.
The short answer is, healthcare organizations are an easy target for hackers because their cyber defenses stink. So, the real question is, why do healthcare organizations cyber defenses stink? The short answer here is, it’s just not a priority for them. And apparently, the hackers know it.
From a new article on Help Net Security, written by a cyber pro in the healthcare industry, “Driving revenue, keeping physicians happy and in place while cutting costs top the list of goals for most executives, so it shouldn’t be surprising that little attention is paid to, for example, implementing two-factor authentication for critical, externally facing systems such as e-mail and remote access to the network.” As long as doctors don’t quit and the company is profitable, that’s good enough.
This indifference has led to extreme vulnerability in these companies. “In many cases, it has been determined that threat actors were inside a healthcare organization’s network for months or even years before setting their malicious code loose. To help ensure payment is made, some threat actors will delete backup data and encrypt the remaining data, thus making it almost impossible for the organization to recover from the situation on their own. At that point, the business is kneecapped and they are at the attackers’ mercy.”
The sad thing is, in most cases, these companies could protect themselves for just pennies per month per employee. In other words, with very little impact on profitability. And the time it would take to protect all those employees? How about 10 minutes.
There is simply no excuse for these healthcare organizations to stay exposed like this when the cost of insurance is so inexpensive and the effort to deploy so minimal. Companies like DuoCircle with their Phishing Protection product are perfectly situated to help them, but they have to pick up the phone (or click on the link).
It’s time for healthcare companies to get serious about cybersecurity in general and phishing protection in particular in an effort to protect their patients and avoid the nightmare of ransomware. Hey healthcare companies, contact us. We can help you.