Healthcare Targeted by Hackers

The U.S. Department of Health and Human Services (HHS) recently published an alert on hackers targeting healthcare web applications. Web applications are programs that use internet browsers to deliver applications to users, such as online forms, shopping carts, photo editing, and email programs. They are typically interactive and require some sort of user authentication. In healthcare, examples are Patient Portals, Telehealth Services, Online Pharmacies, and Patient Monitoring Applications with IoT Devices.

According to the HHS report, these attacks include stealing data, ransomware, and disrupting service. The report follows an April alert that an “exceptionally aggressive” ransomware gang, known as Hive, was targeting healthcare organizations. This highlights the importance of our cybersecurity efforts, as the healthcare industry continues to be a focus of malicious actors: a 2021 analysis showed the industry was the most common victim of attacks, accounting for 33% of data breaches last year.

Why Healthcare is Targeted 

There are several reasons the healthcare industry is targeted: 

  • Valuable Data: Healthcare data is extremely valuable. For example, a stolen credit card number might be worth $2,000 but a file with Protected Health Information (PHI) could be worth up to $20,000.
  • Networked Systems: Healthcare organizations are increasingly putting all their data and communications on networked systems. While this is more efficient than the days of paper, phones, faxes and desktop computers, these interconnections also increase the risk of higher and more widespread impacts if a cyber-attack is successful.
  • Connected Medical Devices: Healthcare increasingly relies on network-connected medical devices, many of which are vendor managed, and these devices bring additional complexity and potential risks to keep secure.

Providence Cybersecurity 

Providence does have processes in place to protect our systems from hackers, and the Cybersecurity team is constantly improving our defenses as these attacks continually evolve. Aware of the risks that web applications can create, Providence already has a robust strategy to keep the ones we use secure. This includes regular scanning of the underlying software code for vulnerabilities, firewalls that block unauthorized access while permitting outward communication, and ongoing testing to ensure our defenses are working against the most up-to-date attack tactics.

Among our other Cybersecurity efforts to protect Providence, we are implementing programs to ensure system access and privileges are appropriate, emphasizing medical device security, and increasing our ability to detect and address threats in real time.

What You Can Do 

However, Providence caregivers are our first line of defense. Remember:

  • If you receive a suspicious email, do not respond to it and do not click on links or attachments. If it was sent to your Providence email, be sure to report it through Outlook.
  • Use strong passwords and don’t reuse them across your various accounts. 
  • Regularly restart your devices to keep software and hardware updated with the latest security patches. 
  • Manage your social media settings to ensure you are not accidentally sharing personal or private information. Attackers can use that information to target you with a phishing email, guess your passwords, or answer common security verification questions.
  • Don’t use devices at Providence that have not been approved by the cybersecurity team. 
  • If you receive a suspicious call, text message or voice message at work, do not provide any information. If you believe a phone call is an attempt to get information from you, hang up. 
