Cyberattackers Increasingly Target Healthcare Sector

Image of criminal inside computer screenBloomberg Law recently summarized several reports on increasing cyberattacks in the healthcare sector.  The Cylance 2017 Threat Report examined “anonymized threat data collected between January 1, 2016 and December 31, 2017, and found 58% of ransomware attacks impacted healthcare industries in 2017, a dramatic increase from the 34% in 2016.  In 2018, the SamSam ransomware has been used in numerous cyberattacks.  A 10/30/18 Symantec blog post reported 24% of the SamSam attacks affected the healthcare sector.  The College of Healthcare Information Management Executives (CHIME) Healthcare’s Most Wired: National Trends 2018 report found only 29% of healthcare organizations have a comprehensive security program.  At least 90% of healthcare organizations have a dedicated chief information security officer as well as report security deficiencies and progress to their boards, but only 76% provide at least annual security updates and only 34% had a board-level committee responsible for security program oversight.  Perhaps most significantly, less than 1/3 of healthcare organizations participated with formal analysis organizations such as the Department of Homeland Security Cyber Information Sharing and Collaboration Program (CISCP) and National Cybersecurity & Communications Integration Center (NCCIC), and the Department of Health & Human Services Health Sector Cybersecurity Coordination Center (HC3; formerly known as the Cybersecurity & Communications Integration Center or HCCIC).