Why cybercriminals love healthcare data

April 06, 2023 Windstream Enterprise 4 min

Let’s start with some bad news: Cybercriminals love to target healthcare entities for their priceless data, and when a cyberattack hits, budgets and brand perception can be hit hard. Good news? There are new security solutions designed to combat even the most sophisticated cyberthreats. Read on to learn how and why they work.

Healthcare is falling out of the “trusted” category.

Cybercrimes are consistently increasing in healthcare, according to eMarketer. At the same time, the post-pandemic perception of healthcare in the U.S. has taken a drastic downturn. This combination has led to an overall distrust of healthcare and an increased attack surface just waiting for the next hacker to turn their attention to.

In our webinar earlier this month, Forrester VP, Principal Analyst Natalie Schibell stated that 52% of Americans today trust the Centers for Disease Control and Prevention (CDC), and they have even less trust (37%) in the National Institutes of Health (NIH) and Food and Drug Administration (FDA).

What happened? The perception of healthcare has mainly been one of a trusted entity. While there are a list of political or social-economic reasons that might lead to a change in perception, recent findings demonstrate how the pandemic enabled medical misinformation on social media to thrive, contributing to the overall declining trust of government as well as healthcare systems. The American Medical Association (AMA) found that two-thirds of Americans get their news from at least one social media outlet, and as we know from first-hand experience, accounts like Facebook, Instagram, Twitter and TikTok which can account for a lot of misinformation.

Personal safety and data are another big factor to why perception is changing. 34% of healthcare organizations were hit by ransomware during the pandemic. Ever since, cyberattacks on healthcare organizations worldwide have only intensified and they’re not going away anytime soon. Check Point Research found that healthcare organizations across the world averaged 1,463 cyberattacks per week in 2022, up 74% compared with 2021. During the same timeframe, U.S. healthcare entities suffered an average of 1,410 weekly cyberattacks per organization, up 86% vs. 2021.

Why do cybercriminals target healthcare, and how?

Cybercriminals will continue to extort healthcare organizations as the data is essentially invaluable.  To these bad actors, it’s nothing personal; it’s just that healthcare data is more lucrative. Private information like SSN, DOB, diagnoses, insurance and billing information as well as other personal identifiable information (PII), is immutable for most patients, their families and the entire healthcare ecosystem. This makes healthcare data sell for much more money than just standard PII.

All this data can be used for multiple types of criminal activities:

  • Ordering and/or altering prescriptions and durable medical equipment
  • Receiving insurance payments for expensive treatments
  • Creating synthetic IDs
  • Providing authorization to operate (ATO) across numerous firewalls and other security systems
  • Making fraudulent medical claims for insurance payouts
  • Accessing bank accounts, credit card information and other financial means of payments

Don’t let your patients and customers lose faith in you.

Healthcare systems require rapid and efficient access to information, while also ensuring compliance with HIPAA and other privacy regulations. Above all else, organizations must keep this sensitive data out of hands of cybercriminals. Because of these reasons, the bar for healthcare institutions and providers is set very high—but that bar can be met with the right support and technology.

There are new solutions that not only offer top-notch security, but also offer a comprehensive cloud-native framework that enables organizations to streamline IT operations into one single solution. These solutions are Secure Access Service Edge (SASE) and Security Service Edge (SSE).

What is SASE & SSE? How can they benefit your organization?

SASE is an emerging framework that consists of five major components—Software-Defined Wide Area Network (SD-WAN), Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), Cloud Access Security Brokers (CASBs) and Secure Web Gateways (SWGs)—all of which embed networking and security capabilities into a single-service, cloud-native model. These components form into one easy-to-manage solution, SASE, which has seen a lot of success in dealing with even the most complicated cybersecurity threats.

SSE unifies the same security components that SASE offers, but it does so without addressing the networking component (SD-WAN) that differentiates the two solutions. That leaves SSE hyper-focused on security capabilities. It is a proven way to improve an organization’s security posture by enhancing compliance and protecting sensitive medical information. 

An example of success.

Healthcare institutions have a lot to gain by upgrading their security solutions. One of our customers provides personal home healthcare services in the U.S. They turned to SASE to combat growing challenges related to rapid growth, legacy on-premises firewalls and disparate point solutions that had become very difficult to manage. All of these challenges weighed heavily on their small IT staff.

With the support of Windstream Enterprise SASE, along with our Professional Services for seamless deployment and rewiring, this home health customer has tapped into the following benefits that trickle down to their employees and patients:

  • Reduced network outages by 90% (vs. prior to SASE installation)
  • Consolidated to a single vendor, making it easier to manage all their networking and security needs in one place (via the WE Connect customer portal)
  • Future-proofed security to ensure the protection and privacy of their clients
  • Gained access to always-on cybersecurity experts via the Windstream Enterprise Cyber Security Operations Center
  • Supported rapid growth plans for 2023 and beyond

This customer has essentially provided an environment where their clients can feel safe, independent and dignified, while building a relationship of trust that is hard to find and obtain in the healthcare industry.

Looking to learn more about SSE and SASE cybersecurity upgrades for your healthcare organization? Watch is webinar replay for an insightful explanation of these solutions and visit our website for helpful information and access to our team of experts who can address all your questions.

Learn more

Key Takeaway
New comprehensive security solutions like SASE and SSE are critical additions to your healthcare organization in providing a secure environment for patients, their families and the clinicians while protecting the healthcare system brand.

How Appalachian Regional Healthcare nursed their network back to health