Tag Archives: Cybercrime

Life & Death:
Cyberattacks Interrupt More Than Business

Cyberattacks on hospitals can lead to increased death rates among heart patients, recent research suggests. This research emerges as attacks on health facilities are reported to have increased 60 percent in 2019.

Researchers at Vanderbilt University‘s Owen Graduate School of Management drilled down into Department of Health and Human Services records on data breaches from more than 3,000 Medicare-certified hospitals. They found that, for facilities that experienced a breach, the time for suspected heart attack patients to receive an electrocardiogram (ECG) increased by more than two minutes.

Health care is the seventh-most targeted industry, but attacks on this sector are on the rise.
When seconds count

The study focused on the impact of remediation efforts on health care outcomes following a data breach.  It found that common remediation approaches, such as additional verification layers during system sign-on, can “delay the access to patient data and may lead to inefficiencies or delays in care.”

Common remediation approaches, such as additional verification during system sign-on, can delay access to patient data and lead to delays in care.

“Especially in the case of a patient with chest pain,” the report says, “any delay in registering the patient and accessing the patient’s record will lead to delay in ordering and executing an ECG.”

The researchers found that “a data breach was associated with a 2.7-minute increase in time to ECG three years after the breach.”

A bit over two minutes may not seem like much – but during a coronary or a stroke it can be the difference between life and death.

Increasingly targeted

Vanderbilt’s research was based on data collected before ransomware attacks against health care facilities became common. The authors caution that such attacks – in which systems or data are held hostage until a ransom can be paid – “are considered more disruptive to hospital operations than the breaches considered in this study.”

The medical sector is the seventh-most targeted industry, according to a report by internet security firm Malwarebytes, based on data gathered between October 2018 and September 2019. But Malwarebytes warns that attacks on this sector are on the rise.

“Threat detections have increased for this vertical,” the report says, “from about 14,000 healthcare-facing endpoint detections in Q2 2019 to more than 20,000 in Q3, a growth rate of 45 percent.”

Comparing all of 2018 against the first three quarters of 2019, Malwarebytes said it has observed a 60 percent increase in such attempted intrusions.

“If the trend continues,” Malwarebytes reports, “we expect to see even higher gains in a full year-over-year analysis.”

 

Cybersecurity Budgets Rise, But Not Realizing Full Value

Technology is not enough in the fight against cybercrime, effective cybersecurity measures require policy and process changes as well.

That’s the takeaway from an analysis of cyber-risk spending included in the 2015 U.S. State of Cybercrime Survey recently released by PwC.

While cybersecurity budgets are on the rise, companies are mostly reliant on technology solutions to fend off digital adversaries and manage risks.

Among the 500 U.S. executives, security experts and others from public and private sectors responding to the survey, almost half (47 percent) said adding new technologies is a spending priority, higher than all other options.

Notably, only 15 percent cited redesigning processes as a priority and 33 percent prioritized adding new skills and capabilities.

When asked whether they have the expertise to address cyber risks associated with implementation of new technologies, only 26 percent said they have capable personnel on staff. Most rely on a combination of internal and external expertise to address cyber risks of new solutions.

PWCCyberSpending2015

As PwC advises:

Companies that implement new technologies without updating processes and providing employee training will very likely not realize the full value of their spending. To be truly effective, a cybersecurity program must carefully balance technology capabilities with redesigned processes and staff training skills.”

Employee training and awareness continues to be a critical, but often neglected component of cybersecurity, PwC said. Only half (50 percent) of survey respondents said they conduct periodic security awareness and training programs, and the same number offer security training for new employees.

Some 76 percent of respondents to the survey said they are more concerned about cybersecurity threats this year than in the previous 12 months, up from 59 percent the year before.

As PwC noted, in today’s cybercrime environment, the issue is not whether a business will be compromised, but rather how successful an attack will be.

Check out Insurance Information Institute (I.I.I.) facts and statistics on cybercrime here.