Nurses, doctors, and scientists are working overtime to treat patients and develop life-saving vaccinations during the age of COVID-19. Unfortunately, cybercriminals are also staying busy.
Since the earliest days of the pandemic, threat actors have targeted several organizations key to fighting the health crisis, including the U.S. Health and Human Services Department and the World Health Organization. Labs and hospitals around the world have also been hit, including Brno University Hospital in the Czech Republic, a major COVID-19 testing site.
While the HHS and WHO attacks were largely unsuccessful, the incident at Brno University Hospital was significant enough to delay surgeries and re-route patients. And more attacks may be on the horizon: WHO Chief Information Security Officer Flavio Aggio told Reuters that hacking attempts against the agency have soared during the pandemic.
Pandemic-related healthcare hacking continues to be a major concern. Philadelphia-based software company eResearchTechnology experienced a ransomware attack on September 20, 2020.
eResearchTechnology's software is used in hundreds of global clinical trials for coronavirus tests, vaccines and treatments. The recent attack slowed critical trials at research organizations and drugmakers such as IQVIA, AstraZeneca and Bristol Myers Squibb. eResearch Technology claims patient data was not at risk, but researchers and drugmakers affected by the attack had to turn to analog tracking to continue their trials, since they lost access to their data.
The company has notified the FBI and is working with cybersecurity experts to combat the attack. In a statement, the company indicated that the incident has been contained and they are slowly bringing their software systems back online.
Sadly, healthcare-industry hacks are nothing new. The Identity Health Resource Center reports that of all industries, the healthcare field experienced the second-highest rate of breaches in 2018, long before the current health crisis.
Medical devices, applications, and data are increasingly connected online (some experts call this the “Internet of Medical Things”), and healthcare providers may struggle to continually adapt to cybersecurity best practices. This creates vulnerabilities that bad actors can exploit.
For nation-state actors and professional cybercriminals alike, hacking healthcare data can be powerful and profitable. When patient lives hang in the balance, ransomware victims may be more likely to pay up. Plus, patient records command as much as $60 apiece on the dark web. Compare that with stolen credit cards, which can sell for just a few dollars each, and it becomes clear why 32 million patient records were hacked in the first half of 2019 alone.
What happens if a bad actor targets your medical data or devices?
You may be wondering what a healthcare-related cyberattack could mean for you.
It’s troubling enough when a cybercriminal hacks into your laptop, but what if the target were a highly sensitive medical device — like a pacemaker or insulin pump? If you use such a device, could a cybercriminal take over and harm you with rogue electrical impulses? While this may be technically possible, experts say it’s very unlikely.
What’s more likely is that an identity thief will steal your medical records for personal profit.
Traditional medical identity theft occurs when a thief gains access to a victim’s healthcare or medical records, then seeks care while posing as that person. In addition, identity thieves may make insurance claims on procedures that never happened, defraud government programs, and order medical supplies or drugs.
If you’re targeted in such an attack, you could wind up footing the bill for treatment you never received.
Even more concerning? Once fraudulent procedures and treatments make their way into your medical file, your provider could make treatment choices for you based on false entries, or without key data from your past.
That’s why when it comes to your healthcare profile, it’s particularly important to detect identity theft right away. If you’re a PrivacyArmor member, there are things you can do today to protect yourself. If you haven’t already, please visit the portal to switch on key features, such as dark web monitoring. You can add important information, like health insurance account numbers, so we can alert you as soon as we detect your data where it doesn’t belong.
Ransomware in the healthcare industry
Ransomware has long been a growing trend in the healthcare industry, with the COVID-19 crisis sparking a surge in these types of attacks.
Ransomware is a form of malicious software designed to infect computer systems and devices. When the virus deploys, victims are prompted to pay a fee — known as a ransom — to unlock their files. This can be especially problematic in the medical field, where blocking access to critical devices and patient data puts lives at risk.
Unfortunately, ransomware attacks are a powerful tool for both nation-state hackers seeking to disrupt the status quo and cybercriminals looking for a large financial payout.
This type of attack may be more common than you realize. According to a recent study by consumer advocacy group Comparitech, there have been 172 documented ransomware attacks on medical systems since 2016, and experts predict the problem will continue to grow, especially now that hospital systems may be strained by limited resources and large numbers of patients.
While you can’t control the security practices of your healthcare providers, you can enlist an identity-monitoring service like PrivacyArmor to keep an eye out for your sensitive information falling into the wrong hands.
Here’s what to do if medical identity theft happens to you
Healthcare files contain highly personal information. If your medical data is compromised at any time, it may chip away at your privacy and even endanger your health.
If you’re a PrivacyArmor member, here are two ways to make sure you’ll be alerted if we find your information exposed:
- Visit the portal and add important items, like credit card numbers and email addresses, to our Dark Web Monitoring tool
- While in the portal, visit the Credit Monitoring tab to switch on our Credit Monitoring feature for an extra layer of protection
If you do become a victim of medical identity theft, our certified fraud remediation experts are available 24/7 to help fully restore your identity. With us as your partner, you can focus your energy on other important things — like keeping yourself healthy — and let us handle the health of your data.