The recent ransomware attacks that wreaked havoc on hospital systems in Connecticut and other states for more than a week have highlighted significant and growing concerns for the healthcare industry.
The healthcare industry reported more data breaches than any other industry last year, according to data from the Connecticut Attorney General’s Office. This trend is similar nationwide in medical institutions and public health institutions. report 2022 will see the most ransomware attacks against the FBI.
Experts say health care providers are often targeted by cybercriminals because digital systems store so much sensitive data, from medical files to personal and billing information, that thieves can steal. This is because it can be profitable to use and sell on the dark web, he said.
Michel Laurent, a cybersecurity researcher and computer science professor at the University of Connecticut, said organizations in many sectors aren’t investing enough in protecting their networks from hackers.
For the healthcare industry, the problem is exacerbated as many organizations struggle to cover the high costs of healthcare.
“Additionally, the cost of defending cybersecurity and cyberinfrastructure with cybersecurity products only adds to the cost, and small offices typically don’t see it as a big deal.” Mr Laurent said.
Connecticut law requires companies, government agencies, nonprofits, and other entities doing business in the state to disclose known electronic breaches of the personal information of Connecticut residents to the Office of the Attorney General. .
The definition of personal information includes data ranging from social security numbers to financial and health information.
Compromises are often the result of hacks, but can also occur when employees accidentally disclose confidential data.
Health care, especially individual physician offices, reported the most data breaches of any industry last year (336), according to data provided by the Connecticut office to CT Insider.
Nearly 1,500 data breaches across all industries were reported to the state last year, more than triple the number reported a decade ago.
The number of data breaches reported in 2022 only surpassed the 1,600 reported in 2021. Assistant Attorney General John Newmon said the high number of data breaches in 2021 may include a significant increase in cases that “probably went undiscovered or unreported during the pandemic.” said to be of high quality. until later. “
The agency said no figures were available on the number of breaches reported so far this year.
Attorney General William Tong said in a statement that he has worked with chambers of commerce across Connecticut to hold forums focused on cybersecurity and data privacy to help businesses address the issue as best they can. Ta. Surge in cyber threats.
August 3, Ransomware Attack Targeting Prospect Medical Holdingsis a California health care system that oversees hospitals and outpatient centers in several states, including Connecticut. Eastern Connecticut Health Network (ECHN), which is owned by Prospect, and Waterbury Health have closed their facilities due to IT problems, and reported that the problem continued as of this week.
In ransomware attacks, thieves break into sensitive computer systems, plant malware, and encrypt or lock out their owners. Thieves then hold access to the system hostage until a ransom is paid. Hackers can also threaten to expose sensitive data that they have access to in the event of a breach.
Computer systems are often down for weeks while law enforcement tries to determine the extent of the breach and isolate the system, experts say.
Laurent said ransomware attacks are becoming more prevalent. He stressed the importance of safely backing up data to combat ransomware attacks. We recommend that businesses restore from backups instead of paying the ransom.
“If they have the ability to recognize it as a necessary evil, they need it to stay in business and they do it,” Laurent said. “But not everyone has this kind of foresight.”
“If we didn’t have the foresight to introduce this, we would have a big problem,” he added. “People are not protecting their infrastructure well enough, and when something like this happens, they are in a position to be willing to pay a ransom that can be quite large to keep their business running. Masu.”
Laurent said small offices and hospitals are frequently targeted. IT systems are often outsourced, and data can be compromised if the third-party subcontractor is hacked.
He further explained that economic motives often drive data breaches, such as the desire to obtain sensitive information to sell on the dark web.
“In some cases, the goal is to obtain personally identifiable information and sell it on the dark web,” he said. “Last I heard, records like this cost a few dollars, and if you can record tens of thousands of them, I think you can make some money.”
Writer Peter Yankowski contributed to this report.