
Not long ago, Social Security numbers were highly valued commodities among cyberthieves. Today, the golden goose is a patient’s health record.

And that makes long-term care targets prime for attack, cybersecurity experts say.

“The overall number of breaches and the size of breaches are growing every year,” said Jerry Dennany, chief technology officer for MatrixCare. Reported bounty in 2022 included over 28.5 million healthcare records, up from just over 21 million in 2019. 

“The value on the ‘dark web’ for a healthcare record can be valuable as well, at up to $1,000 as compared to $1 for a Social Security number,” Dennany noted.

Meanwhile, ransomware attacks continue to be among the most popular — and profitable — in healthcare.

One of the most impactful healthcare attacks happened on Sept. 2, 2022, when hackers confiscated vital data of more than 4.2 million patients managed by Florida-based Independent Living Systems, a vendor of clinical and third-party administrative services to managed care organizations serving elderly and disabled patients.

“The ripple effect included many residents covered by various long-term care providers in SNF and hospice care settings,” said Dennany. “This breach occurred last summer but was only recently discovered, and the complete impact is not yet known.”

LeadingAge’s recent assessment of the growth in ransomware attacks in long-term care shows how the attacks are as insidious as they are disruptive.

“They’re becoming more extensive, frequent and sophisticated,” said Scott Code, vice president of LeadingAge Center for Aging Services Technologies. “They’re exposing even more patients’ personal health information.”

Ed Gaudet, CEO and founder of Censinet, explains that long-term care organizations need to be aware of several vulnerabilities associated with infrastructure, data security and privacy. These include a lack of proper security controls such as firewalls and intrusion detection; human error, such as clicking on a phishing link; and giving haphazard access to unvetted third-party vendors and suppliers.