On the night of January 11, 2018, Hancock Health Regional Hospital was attacked by cybercriminals. The criminals targeted credentials, servers, and encrypted data that the hospital had. In order to keep functioning, the hospital resorted to pen and paper. The perpetrators asked for $55,000 so that the hospital could get the encryption keys to unlock their data. Sadly, attacks on the healthcare industry will be common because of its lucrative nature and some of the tactics do not require much technical expertise.
In terms of finance, cybercrime is profitable. On the black market, financial accounts and a social security number fetch for $25 while health insurance information and medical records can go for $2,000 (Abagnale, 2019, p. 87). Cybercriminals use the information to bill insurance companies and get prescription medication to sell on the street. The cost of doing cyberattacks are cheap. Sending out fake emails, strange file attachments, and bad links are relatively inexpensive. Criminals hide where the money is going by using cryptocurrencies.
Cybercrime don’t have to be high-tech. There have been instances of using friend requests to gather information on targets. This can range from seeing when the target is on vacation to chatting with the target to get sensitive information. To access an account, scammers may not know a mother’s maiden name but can always create an elaborate story for an unsuspected targets’ relative. They can then use the information to unlock an account and create new passwords and answers for security questions. Even something as simple as shoulder surfing can gather a good deal of confidential data!
Essentially, the difficulty to securing digital information is the constant tension between opening and closing data and information. The internet was created as an open system to withstand a nuclear attack. When it was created, there was less concern about security and more emphasis on access and convenience. This has never changed. Getting healthcare employees to regulate themselves, create (and remember) passwords, and restrict their use of electronic devices is no easy feat. It will be key for healthcare agencies to strike the right balance between openness and security.
References
Abagnale, F. (2019). Scam Me If You Can. New York, USA: Portfolio/Penguin.