Florida officials revealed late Friday that a massive Medicaid hack may have exposed 30,000 patients’ sensitive personal information two months ago. The data breach, attributed to an employee who fell for a malicious “phishing” email in November, is just the latest example of a medical system infiltrated by cybercriminals—and you should expect to see even more health care data hacks in the coming years.
The fact that the Florida Medicaid breach, which may have allowed hackers to access Social Security numbers, patients’ names, addresses, medical information, birth dates, and other information, stemmed from a phishing scam is telling. User error is one of the simplest ways for cybercriminals to work their way into an organization’s IT infrastructure. And, given the sensitive nature of medical data, health care systems are a natural draw for cyberattacks.
The Federal Bureau of Investigation (FBI) has issued stark warnings to health care organizations over the threats of phishing emails and malware such as ransomware, which takes data hostage in exchange for recompense. Ransomware is particularly prevalent in health care, as a 2017 Verizon Data Breach analysis reports. Between 2014 and 2017, ransomware surged from the 22nd most common type of malware to the fifth most common. In fact, 72% of all health care malware attacks were ransomware. “For the attacker, holding files for ransom is fast, low risk and easily monetizable—especially with Bitcoin to collect anonymous payment,” wrote the Verizon report authors. The only industry more frequently targeted is financial services.
Some types of health care cyberattacks are more difficult to avoid than others, especially given the sorry state of health IT infrastructure. But one critical way to thwart would-be hackers is to follow common-sense guidelines about passwords, suspicious emails, and other human behavior.