Blog | Why Hackers Love Healthcare Data

Cyber 12/23/20

Why Hackers Love Healthcare Data

Have you ever wondered how cyber criminals choose their targets?

Vulnerable entities include government websites, medical systems, financial institutions, corporations, small businesses, and individuals.

To figure out the most likely victims, we need to think like hackers.

Cyber criminals ask two main questions when deciding where to strike next:

How easy will it be? Criminals run programs to determine the vulnerability level of websites and software, looking for ways to infiltrate and steal information. Better security measures reduce the hacker’s interest.
How much is there to gain? Will the company be motivated to pay a high ransom for stolen information? Do they have the resources to do so?

Given these factors, which industry is most attractive to hackers?

The answer may surprise you.

Why Healthcare Data is Vulnerable

Healthcare companies store computerized data on either hard drives or “the cloud.”

Hard drives are internal storage methods on physical units like cell phones, laptops, and desktop computers. To access a hard drive, hackers must either manipulate users into downloading malware onto their device (for example, opening an email to an attacker’s site) or access the device physically (for example, stealing a device or breaking into a building to access a device). This depends on user error, forcing hackers to hope someone opens a phishing email or leaves their door unlocked.

Cloud technologies are external storage methods online that can be accessed by multiple people and companies. To breach “the cloud,” hackers may look for weak passwords or out-of-date cybersecurity protection. Cloud technologies are likely to meet both criteria for an ideal target: higher vulnerability and more valuable information.

Most healthcare facilities use some form of cloud technology to store and access information. As you may have guessed, the emergence of COVID-19 has forced many people to work remotely. Healthcare workers replace staff meetings with emails and phone calls. Physicians consult with patients via teleconference. All of these activities increase a company’s cloud activity, making it more valuable—and more vulnerable—to cyber criminals.

Why Healthcare Data Is Valuable

According to one report, a single Private Health Information (PHI) record is worth up to $250 to a hacker. Compare this to the next highest-value target, credit card numbers, which bring in about $5.40 each.

Why the discrepancy?

Consider the consequences of a stolen credit card number. Upon realizing the breach, the victim will immediately cancel the card. They may file a claim for compensation with their financial institution, and the institution itself will work rapidly to repair the damage. Within hours, the information may become useless to the hacker.

But cyber criminals prefer healthcare records for three reasons:

PHI records contain a patient’s complete profile: Social security number, date of birth, payment methods, insurance data, sensitive medical conditions, and doctor/patient communication. Once released, the information can’t be made private again. The hacker might profit for years.
Medical system software is often connected with other parties. This could involve pharmacies, insurance companies, hospital networks, affiliated offices, and stakeholders—all accessed with a single data breach.
The Health Insurance Portability and Accountability Act (HIPAA), is a federal law to ensure PHI and other personal information is accessed only by approved entities. A HIPAA violation may result in jail time and a fine of up to $1.5 million. The ethical and legal ramifications of a HIPAA breach are severe.

Why would hackers even want this information?

How Hackers Use PHI

Cyber criminals can use PHI in two ways:

After a breach, the information may be held for ransom. The affected company is required to pay a large sum of money, after which the hackers promise to destroy their copies of the records. Paying a ransom can avert expensive public relations disasters.
PHI may be sold on the black market, especially if a ransom is demanded but not paid. Buyers can illegally get prescriptions and sell pills, receive expensive treatment, or fraudulent medical claims for insurance payouts. They can buy email addresses to spam with malware. They can access bank accounts and credit card numbers.

Clearly, the consequences of a healthcare data breach can be disastrous. That’s why more businesses than ever are taking steps to avoid and mitigate damage.

Protect Your Company

Between January and July 2020, the top 10 healthcare data breaches resulted in the following:

Nearly 4 million complete or partial records compromised
Dozens of facilities affected
Tens of millions of dollars in legal fees, settlements, and ransom payments

These numbers are frightening, but healthcare companies have two ways to make vulnerable data safer:

Enhance security measures. Keep software up-to-date, train personnel to use strong passwords and personal security, and encrypt data.
Invest in cyber liability insurance.

With hackers constantly revising their methods, it’s impossible to be 100% protected. The good news is that companies can mitigate the effects of an attack with a simple cyber insurance policy.

How to Get Cyber Security Insurance

What should healthcare companies look for in a cyber security insurance company?

Experience. NOW Insurance has over 20 years of experience providing insurance in the healthcare sector.
Customized plan options. NOW Insurance won’t trick you into buying something you don’t need. Our unique approach provides just the insurance you need, with quick quotes and online service, and without the extra costs that don’t apply to your business.
Specialized plans for healthcare practitioners. NOW insurance only works with select industries to ensure the highest quality care.
Security. NOW Insurance is backed by the world’s leading insurance market, Lloyd’s of London.

The process is simple:

First, determine how vulnerable you are to data breaches with our easy cyber risk assessment tool.

Second, get a no-obligation quote for personalized recommendations. You might be surprised at how affordable it is.

That’s it!

You can’t afford not to protect your healthcare profession. Your reputation, bank account, and patients’ well-being depend on it. Learn more now!

NOW Insurance

Blog

Tips for protecting yourself and your business.

Consultants

Are You Putting Yourself at Risk as a Freelancer Without Insurance?

Consultants

10 Things to Avoid When Looking for Liability Insurance Online

Mental Health

10 Ways Mental Health Can Affect Relationships: What Marriage Counselors Should Know

Consultants

Celebrating Nurse Practitioner Week: Nov. 7-13

Why Hackers Love Healthcare Data

Why Healthcare Data is Vulnerable

Why Healthcare Data Is Valuable

How Hackers Use PHI

Protect Your Company

How to Get Cyber Security Insurance

Tips for protecting yourself and your business.

Are You Putting Yourself at Risk as a Freelancer Without Insurance?

10 Things to Avoid When Looking for Liability Insurance Online

10 Ways Mental Health Can Affect Relationships: What Marriage Counselors Should Know

What Is Typically Covered by Freelance Insurance?

Video Interview with Phil Cabaud and Celent Analyst, Andrew Schwartz

NOW Insurance Wins Celent Model Insurer for Customer Experience Transformation

6 Reasons Medical Professionals Need to Understand Cyber Liability

Quitting Your Day Job? 5 Things You Need as a Freelancer or Consultant

Are You a Freelance Consultant? You May Be Unknowingly at Risk

Continuing Education Round-up for Nurse Practitioners

6 Major Mental Health Challenges for Today’s Students

In-Demand Nurse Practitioner Specialties for 2022

Why Home Health Care Can Have a Positive Impact on Mental Health

Consultant Insurance: What Kind of Consultants Should Get Coverage?

Why Clinical Counselors Need to Care for Their Own Mental Health, Too

Celebrating Nurse Practitioner Week: Nov. 7-13

Insurance for Freelancers: 7 Reasons Not to Risk Going Without Coverage

Four Ways to Reduce Risk for Medical Labs in COVID Era

Malpractice Insurance FAQs: What Is a “Retro Date”?

Why You Should #ThankAPharmacist This Month

Why School Counselors Should Consider Malpractice Insurance

Pros and Cons of Working from Home in 2021

Am I Legally Required to Get Small Business Insurance?

Liability Risks for Occupational Therapists

What Are the Exclusions on a General Liability Insurance Policy?

Nurse Liability Insurance: 7 Reasons to Get a Policy Even If Your Workplace Is Covered

Four Common Mistakes Lab Techs Make

Upskilling and Reskilling in Pharmacy

How Can I Reduce My Professional Liability Insurance Cost?

Is Administrative Staff Covered by Medical Malpractice Insurance?

What Can Happen if a Clinical Counselor Doesn’t Carry Malpractice Insurance?

Mental Health Technicians Are More Important Than Ever in 2021

Why Every Counselor Should Have Malpractice Insurance (Even If You’re Just Starting Out)

Five Reasons Why Marketing Consultants Need Insurance

Speech Therapist Insurance: What Do You Need to Cover?

General Liability and Workers’ Comp: What’s the difference?

What You Need to Know About Planning Your Comeback Event

Top Tech Tools for Hosting a Hybrid Event

Are You at Risk? Four Potential Liabilities When You’re an Uninsured Drug Counselor

Consulting in the Tech Field? This is the Insurance Coverage You Need

How to Use Virtual Reality for Your Hybrid Event

Bold Penguin and NOW Insurance Partner to Make Professional Liability Insurance Easier to Quote and Bind

Matt Higgins Joins NOW Insurance as Executive VP of Engineering

Planning a Conference? You Need Event Insurance

Five Steps to Buying Consultant Business Insurance

Nursing Board Discipline: Know the Process

Eight Things Commonly Forgotten by Event Planners

Hybrid Events Are the New Norm – What Should Event Planners Know?

How Much Is Professional Liability Insurance? 6 Factors That Affect Price

Providing Peace of Mind: Insurance for Mental Health Workers

7 Reasons Rehabilitation Counselors Should Get Malpractice Insurance

Pharmacy Technician: What’s Next?

Common Mistakes When Starting a Consulting Business

8 Reasons a Family Counselor Should Be Insured

Professional Liability Insurance for Mental Health Technicians: What Does It Cover?

NOW Insurance Partners with Hiscox on Medical Malpractice Insurance

What to Know About Multi-State Healthcare Licensure

6 Risks of Being a Substance Abuse Counselor Without Malpractice Insurance

What Are the Best Upskilling Opportunities in Healthcare?

How Virtual Care Expands Access to Specialists

Thinking of Becoming a Therapist? 5 Things to Know

Do School Counselors Need Their Own Insurance Policy?

5 Rewards of Being a Mental Health Technician

What are Key Compliance Issues in Home Healthcare?

The Home Hospital: What Is It and How Will It Affect Future Care?

What Challenges Should School Counselors Expect as Schools Reopen?

Sharing the Workload: Questions You Can Ask Your Pharmacist Instead of Your Doctor

5 Situations Where Testing Labs May Be Legally at Risk

Do Marriage Counselors Need Professional Liability Insurance?

8 Malpractice Insurance Terms Every Medical Professional Should Know

Social Worker Insurance: Do I Need My Own Coverage?

Pandemic Pressures Drive Increased Need for Mental Health Technicians

Celebrate National Student Nurse Day on May 8