What’s in a Name?
By Dr. Scott Vinci
The list of names is lengthy: Dunn & Bradstreet, Saks Fifth Avenue, Bronx Lebanon Hospital, Anthem Blue Cross/Blue Shield, Verizon, Equifax. I truly could go on and on. And, unfortunately the list continues to grow with each passing day.
Security and data breaches, malware and ransomware are not mythical terms – they are a very harsh reality in today’s digitally enabled world. So, it really comes down to a question of not “if” but “when.” It’s estimated that you have an approximately one in one million chance of getting struck by lightning. But the odds of your organization or hospital experiencing a data breach? One in four!
An independently sponsored study by IBM recently estimated the average cost of a data breach in 2017 to be 3.6 million dollars. And while that’s slightly less than last year, the relative size per breach has increased to 24 thousand records per incidence.
Just a few weeks ago, Equifax, one of the three largest credit agencies in the United States suffered a breach of epic proportions. It is estimated that over 143 million consumers were affected by this crime. The news continued to get worse as it was revealed that the data stolen included sensitive information such as social security and driver’s license numbers — making it one of the worst breaches ever.
So why all the doom and gloom and scary talk about data and security breaches, hacking, malware and ransomware? Well, October is National Cybersecurity Awareness Month. The Department of Homeland Security has developed this annual campaign to raise awareness about the importance of cybersecurity. The intent is designed to engage and educate both the public and private sector through events and initiatives that raise awareness about the importance of cybersecurity in today’s digitally connected world.
A brief look at cybersecurity facts and figures for 2017 should help reveal why this topic is one you will continue to hear about in ever increasing proportion:
- It is estimated the damage from cybercrime will hit 6 TRILLION (that’s not a typo) dollars annually by 2021
- Spending on cybersecurity eclipsed 80 billion dollars in 2016 alone
- The threat of cybercrime will more than triple the number of unfilled cybersecurity jobs estimated to reach 3.5 million by 2021
And who’s the hottest target right now for cyber-criminals? Healthcare and hospitals are being targeted with increasing frequency. With so many more avenues of attack (think patient portals and connected medical devices), the healthcare industry has been under siege. Even as the cost of healthcare records is dropping on the open market, the interest in healthcare as a target continues to grow worldwide.
This past May, a massive attack on the National Health Service and Hospitals of the UK occurred, crippling the system’s ability to treat patients. Hospital staff had no access to pertinent patient data rendering them useless. The culprit? A ransomware attack called “WannaCry.” Officially known as a “ransomware cryptoworm,” it targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin (a form of digital cash or currency). This type of attack known as ransomware, also gained traction last year in an attack on Hollywood Presbyterian Medical Center. Hackers demanded the hospital pay a ransom of $17,000 requested again in Bitcoin — or else be “shut down!”
Frightening as the topic may be, the best defense against cybercrime is a good offense. In the end, it all boils down to “preparedness” – Prevention, Detection and Response. IT professionals who specialize in cybersecurity are the best defense any organization can have in these days of digital crime.
At the recently held HIMSS (Health Information Management Systems Society) Healthcare Security Forum, the dialogue was stark. “Information security in and of itself is a tough business,” reported one security professional. “Cybersecurity is about facing adversity every single moment of every single day.”