Healthcare Remains the Most Breached Sector in 2019: How Can Companies Protect Themselves?

Daniel Markuson, the digital privacy expert at NordVPN, provides four main tips on how to protect your healthcare organization from getting hacked....

It’s official: Healthcare remains the most breached industry in 2019. 32 million healthcare records were breached in the first half of this year, which is double the total for all of 2018. And there are no signs that cyberattacks in the healthcare industry are going to cease.

It seems that the size of an organization doesn’t matter as both large and small healthcare providers get breached. The difference is that big organizations have more data that hackers can sell, whereas small companies lack security resources, which makes them easier targets. But why has healthcare overtaken financial institutions as the top target for hackers?

Daniel Markuson, the digital privacy expert at NordVPN, says that cyberattacks against healthcare institutions are so popular because hackers see a great opportunity to get a ransom for their stolen information.

Medical records are very private and sensitive data, so no one wants theirs to get leaked and posted online. For example, early this year, confidential data, including the medical status of more than 14,000 people diagnosed with HIV, was stolen and leaked online in Singapore.

Besides private medical information, criminals can get their hands on other very important data. “Some data is even more sensitive than uncomfortable pictures or your medical history. That includes contact details (email, phone number, home address), social security numbers, and banking information. If stolen, this data can lead to financial troubles and even identity theft,” Daniel Markuson of NordVPN explains.

According to the expert, healthcare organizations make ideal prey for hackers, as many of them use outdated security software and continue to underinvest in cybersecurity. The healthcare industry invests only 4% – 7% of revenue in digital security initiatives. To compare, the financial sector, puts 15% of its revenue into cybersecurity.

To avoid a bad reputation and legal actions, healthcare organizations must make cybersecurity their top priority. Daniel Markuson, the digital privacy expert at NordVPN, provides four main tips on how to protect your healthcare organization from getting hacked:

Employee training. Human error, or employee negligence, is one of the main reasons that make organizations susceptible to cyberattacks. To prevent various failures of compliance, healthcare companies should invest in cybersecurity training. Employees should learn about data breaches from experts and get regular updates on recent trends. For example, members of staff need to get an understanding about phishing emails.  They should know not to click on any links, open any attachments, or perform any requests that come from questionable sources. This will prevent them from downloading malware or sharing sensitive information with impersonators.

Better password management. Passwords play the most important role when protecting a company’s files and data. Therefore, the best practice would be introducing password managers in your organizations. Such tools will generate strong and unique passwords and safely store them at the convenience of your staff. Passwords shouldn’t be shared among employees.

Encrypt your files. To protect your company’s documents from prying eyes and safely store them both on a computer and in the cloud, you need to encrypt them. This is especially handy when sharing confidential information with clients or among members of staff. If you use file encryption tools, like NordLocker, even if a hacker manages to steal important files, they will not be able to access their content.

Use a VPN. Healthcare organizations usually use an intranet for private internal communications. But when traveling, working remotely, or using public Wi-Fi, employees need a secure connection to access work resources. Here’s where a VPN (a virtual private network) comes into play. It creates a secure encrypted tunnel between your employee’s device and the internet — or your company’s server. That protects their connection from third-party access, should there be hackers ready to breach the system.