Skilled nursing facilities and other healthcare providers are among the most frequently pursued cyberattack targets, largely because the data stored in their computer systems has become a lucrative currency to hackers. Yes, a currency.  

In fact, electronic health records contain the trifecta of hacker currency: Personal Health Information (PHI), Personal Identifiable Information (PII) and financial information. Hackers target healthcare organizations that don’t have the proper technical, physical and administrative safeguards in place. With such profitable incentives luring hackers to an industry widely known for weaker cybersecurity defenses, it is no wonder that news of a healthcare security breach or ransomware incident has become almost commonplace.   

Understanding both the mind and practices of a hacker can help SNF providers better recognize the risk and prepare a defense. 

While no two hackers are alike, hackers generally fall into two categories. One category includes hackers who ply their trade as a compulsive hobby and are motivated by either an ideological cause or the thrill of outsmarting their victims. The other category practices hacking for strictly financial motives. Hackers typically use the following process to select and compromise their targets:

  • Reconnaissance — Hackers begin by researching public information about an organization to gather information about potentially lucrative victims.

  • Scan — Once a target is selected, hackers will use various technical tools and/or social engineering techniques to identify vulnerabilities that can be leveraged to gain access. These attempts typically go undetected by the target.

  • Gain access — Hackers then exploit vulnerabilities by employing malware to infect computers or networks, or by using compromised credentials to enter through existing entry points.

  • Maintain access — Hackers maintain entry points to allow continued access.

  • Cover tracks — Hackers typically bury their tools deep within the network to allow continued access through a backdoor, and are often able to remove traces of their attack altogether.

The home office of a hacker is often the dark web, a layer of the internet that is not indexed by search engines. On the dark web, users can remain anonymous, share unlawful information, and conduct illegal business transactions.

Because the users are virtually untraceable, they are difficult for law enforcement to detect or monitor. PHI, PII and financial information are juicy targets for hackers because they provide huge payoffs on the dark web, where hackers are able to openly promote their stolen wares. In fact, some cyber-risk experts have stated that one EHR can go for as much as $500 on the dark web!

The healthcare industry has a giant target on its back, and hackers are taking aim.  

Yet a lack of robust security controls in this critical infrastructure persists because healthcare organizations are focused on running their business in environments with limited resources and often a shortage of trained IT security personnel. The best strategy for SNFs is to recognize the risk and adopt a course of action that proactively defends, detects and denies cyberattacks and security breaches.

John DiMaggio is the CEO at Blue Orange Compliance