It seems every day there is a new cyberattack hitting the news. The Continental Pipeline, and JBS Meat situations are the most recent events in an increasing wave of attacks against our country’s infrastructure. It is clear the frequency and severity of these attacks is not getting better. It is becoming evident there is an orchestrated attack on the systems that run our country, and health care is a vital part of how the country functions on a daily basis which makes health care a sector to be targeted by the bad guys.
There is danger in thinking “we are so small, that will never happen to us” because smaller providers are a favorite target of the second tier bad guys. The tools to carry out a cyberattack have been developed by a few large organizations who then sell the tools as SAS (software as a service). In other words, a smaller bad actor can simply purchase the tools developed by the large organizations and carry out its own attacks in an attempt to force companies into paying a ransom. These smaller bad actors tend to target smaller companies, and especially like to focus on small, even rural health care providers. The primary reason for this focus is the relative lack of sophistication of the information systems smaller providers tend to have, and the fact health care providers are in the business of taking care of people 24 hours a day so the need to access data is vital. This need for access to information leads to the payment of the requested ransom more often than not which makes small health care providers a “target rich environment” in the eyes of the bad guys.
The moral of the story is, never think it won’t happen to your organization. Investing the time and resources to ensure the system is secure will pay great dividends in preventing the cyberattack you want to avoid.