Banner Health, is one of the major healthcare firms in the United States. suffered a healthcare security incident a few years back. The company said that it was alerting around 3.7 million people about an incident in which hackers obtained unauthorized access to computer systems that process payment card data at some Banner locations’ food and beverage outlets. According to the healthcare provider, the attackers may have obtained unauthorized access to patient information and health plan members, including names, birthdates, residences, physician names, health insurance, and social security information, among other things.
The Banner incident has once again highlighted the healthcare sector’s vulnerabilities. However, the matter has been mentioned several times.
The following factors make the healthcare industry appealing to cybercriminals:
- Personal Information in Abundance
- Weak Cybersecurity Framework
Personal Information in Abundance
There is no shortage of personal information in the healthcare business. If a healthcare firm’s network is breached, hackers can obtain personal information on millions of patients, which they can then use to gain large sums of money. Medical profiles of patients can sell for 10 times the price of credit card numbers. Nowadays, hospitals keep meticulous records of each patient. The patient’s information includes personal information such as social security number, emergency contact, home address, email address, health insurance, and so on. These data can be used by hackers to execute spear phishing and social engineering attacks. Above all, once an unauthorized individual has access to your information, your right to privacy is compromised and irretrievable.
Weak Cybersecurity Framework
The vast majority of healthcare providers continue to rely on Wired Equivalent Privacy (WEP), the initial generation of encryption security. WEP is the forerunner of Wi-Fi Protected Access (WPA2). Most manufactured medical gadgets adhere to similar encryption requirements. According to the Department of Homeland Security’s Industrial Control Systems Cyber Security Emergency Response Team, 300 medical devices manufactured by 40 different companies may have vulnerabilities related to password settings set to allow for privileged access to these devices, which would normally be used only by service technicians.
Because medical equipment has such an outmoded security framework, they are extremely vulnerable to hacking. It’s almost like an invitation to hackers, and they’re not hesitant about accepting. Medical gadgets are being “Medjacked” by hackers. Medjacking comprises hackers attacking medical devices and equipment with malware which is followed by the establishment of a backdoor vulnerability known as “Medjack”. This flaw is then exploited by malicious parties.
The late Barnaby Jack was at the forefront of medical device vulnerability research. He demonstrated how a certain brand of implanted insulin pump may be lethally hacked to inject the wrong amounts from up to 300 feet away before his death in 2013. Former US Vice President Dick Cheney had the Wi-Fi capabilities of a medical device in his heart deactivated in 2013 because it may be exploited by terrorists. The threat is real, and the healthcare industry must prepare before the frequency, severity, and variety of attacks grows, as happened with Banner Health Care.