Why are Hospitals Being Targeted by Cyber Hackers

Media Division | July 19, 2017

There are some lists you do not want to be at the top of: least likely to succeed, most ridiculous ideas to never get off the ground…and this one: industry most targeted by hackers.  Until recently, services and finance topped this list. (Do not worry, they are still near the top.) But now healthcare ranks number 2, second only to business services.

So why would healthcare facilities be the prey cyber hackers seek? Several reasons, none of them good.

Data with Value

When you consider the data that might have value on the cyber black market, you can see how hospitals are full of such data: social security numbers, credit card or banking information, personal information like names and birthdates. The data that such facilities require in order to treat patients and handle their billing, is the very same data that cyber hackers target.

If they do not use the information for cyber crime themselves, they can still turn right around and sell it. In fact, lots of “cyber criminals” lack the skills to be hackers themselves, but they can still trade in cyber crime once they have valuable data from facilities like hospitals.

Data Valuable to You

Sometimes when hospitals are targeted by cyber hackers, they do not care about the “street value” of the data, but instead just about the value of the data to the hospital itself. Healthcare is a multi-billion dollar industry, and some cyber hackers have the very straightforward agenda of wanting a slice of that pie. How they go about it, frequently, is in the form of ransomware.

Ransomware is a form of malware (bad software), that hijacks your files. Some ransomware “freezes” your data, some basically send it to the hackers and deletes it from your servers, with a promise to unfreeze it or return it to you if you pay the ransom. Often, those are empty promises, and your data is neither returned nor unfrozen.

One should never bargain with criminals. But the idea behind ransomware is that your data is more valuable to you than anyone, so if you are willing to pay for your own data, they win.

Chaos as the Objective

Other cyber attacks are not aimed at money at all. Even the recent WannaCry ransomware virus that shutdown 65 hospitals in the UK alone, might not have actually been about money. The virus spread very quickly and cost economies millions, if not billions, but the criminals themselves did not see more than a few thousand. Why? The virus demanded bitcoin, but was easily stopped and had no way to tell who had paid!

So why create ransomware that isn’t going to make a ton of money off of the ransom? Chaos, perhaps. Sometimes computer viruses and other major cyber security events seek only to upset the order of things. For some cyber hackers, turning society on its ear, even if it costs your company millions or a hospital its operations, is about leveling the global playing field and disrupting the balance of power. Even sites like WikiLeaks, which may have released data hacked by Russia that led to the upset of the United States presidential election, are part of the moving pieces on the cyber chess board. Some of the players, the cyber hackers, feel that hospitals and big businesses like banks have too much of the power, and want to re-order the pieces.

For some cyber hackers, turning society on its ear, even if it costs your company millions or a hospital its operations, is about leveling the global playing field and disrupting the balance of power. Even sites like WikiLeaks, which may have released data hacked by Russia that led to the upset of the United States presidential election, are part of the moving pieces on the cyber chess board. Some of the players, the cyber hackers, feel that hospitals and big businesses like banks have too much of the power, and want to re-order the pieces.

Get Covered

Just like you have fire insurance and practice fire drills, but hope to never experience one, effective cyber security involves a little bit of drilling and insurance: in the form of preparation and cyber threat mitigation.

Media Division
MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.