The healthcare industry remains a prime target for cybercrime, with many prominent organizations falling victim to serious attacks.
In February 2024, Change Healthcare was infiltrated by cybercriminals who obtained the sensitive health data of potentially hundreds of millions of people. A few months later, an intruder hacked into the electronic health record system of Ascension, stealing the personally identifiable information (PII) of an undisclosed number of patients. These two incidents were very expensive and caused disruptions in various essential services. Change Healthcare, for example, has stated the incident will cost them more than $2.3bn so far in 2024. Both attacks also featured some of the most common cybercrime tactics, including phishing and ransomware. To protect themselves from a similar fate, healthcare organizations would be wise to know what kinds of attacks to look out for and why they continue to be effective. This article by Errol Weiss, Health-ISAC chief security officer, covers the top four methods of attack on health sector organizations and basic protocols to implement to prevent them.
