12 March 2019
Medical records are more valuable than credit card details!
Cyber criminals are increasingly turning their attention to the medical profession.
The Information Commissioner’s Office reports that 43% of all UK data breaches occur in the medical sector. The high-profile ransomware attacks on NHS hospital trusts in 2017 are the visible tip of the iceberg. Whilst attacks on the private medical sector are not widely reported, figures demonstrate they are numerous and equally disruptive for both the practice and their patients.
Why do hackers regard private practice as a particularly juicy cash cow?
It’s simple. Medical records are worth far more than credit card data. They are a treasure trove of personal information – names, birth dates, national insurance numbers, policy numbers, billing data, in addition to personal diagnoses and images. The fraudsters can use this information to create fraudulent identities, launch phishing scams, lodge false insurance claims, obtain drugs and so on – all highly profitable enterprises. The diagnoses and sensitive images can be used for blackmail, with the added bonus that private practices not only serve wealthy clients but also many who are in the public eye.
Credit cards or bank accounts have a limited life for the fraudster. The bank can place a stop on them and their usefulness ends. Medical records are different. They cannot have a stop placed on them. They are there for eternity. So, they can be repeatedly resold over the long-term – data that keeps on giving!
The cherry on the cake for the cyber-criminal – if one were needed – is that private medical practices are some of the easiest networks to hack. They are likely to run outmoded software that is difficult, disruptive and expensive to update. The practices are there to care for patients. So, understandably, if the business choice is between an expensive piece of medical kit or a better firewall, it’s clear where the money is likely to be spent. Without the sophisticated protections now standard for most bank and corporate software, the criminals’ malware can not only infiltrate the practices’ systems easily but also lurk there undetected doing their work for longer.
And just to pile on the misery, as well as attack from outside, harm from within can be a problem. From a member of staff innocently clicking on a malicious link to a disaffected employee stealing or tampering with sensitive data.
How to mitigate the risk.
It is here that Centor’s expert cyber team can help. We can give you specialist advice to help you find the right cyber insurance for your practice – at a competitive price. Insurance that will assist in mitigating the costs of any attack and rebuilding brand trust.
James Groves, Commercial Team Assistant Manager comments:
“Even if a practice has the appropriate IT measures in place, they are still vulnerable. The target is attractive, so cyber-criminals are becoming ever more creative and sophisticated. The risks can be lessened, but no practice, however large or small, is immune. And, sadly, the outcome can be significant reputational damage and cost. That is why robust cyber insurance is vital, with other risk mitigation processes.”
For more information, get in touch with:
020 7330 8707