Healthcare News & Insights

Can mergers expose you to more cyberthreats?

Cybersecurity remains a top area of concern for most hospital leaders. And now there’s another reason to stay vigilant. 

487418823A new study by IDC Health Insights, a healthcare advisory and research firm, confirms what is most likely true at your facility — cybersecurity is a top priority among healthcare organizations.

Security concerns

And for good reason: This year has seen a large increase in the number of cyberthreats, hackings and data breaches among organizations.

Researchers surveyed 100 organizations and found that:

  • 100% of respondents had experienced a cyberattack in the last year
  • 39% said they experienced at least 10 cyberattacks, and
  • 27% reported that the attacks were successful.

As a result, nearly 60% of facilities said they increased cybersecurity spending in the last three years to try and keep up with the growing threats.

Unexpected vulnerability

As your facility uses more technology in more settings, you’ll have to address and protect those new access points from cyberattack. Regular risk assessments can help your facility stay protected as it leverages health IT in new ways.

But in order for those risk assessments to be fully effective, hospitals leaders need to consider unconventional ways a hacker might gain access into your system — especially because they may not only be looking for patients’ protected health information (PHI).

FireEye, a security  firm, recently released a report about a group of hackers called FIN4 it’s been tracking. The group uses spear phishing methods to gain access to hospital employees’ emails and uncover sensitive business information it can profit from.

Specifically, the group is targeting high-level employees and business partners involved in ongoing mergers and acquisitions between publicly-traded facilities. Fin4 frequently targets:

  • C-suite executives and senior leadership
  • legal counsels
  • regulatory, risk and compliance personnel, and
  • researchers and others involved in advisory roles.

More reason to choose carefully

To guard against threats like FIN4, it may be beneficial to for hospital leaders to undergo security training so they can learn how to identify phishing schemes. FIN4 uses common executive and financial language to trick people into believing they’ve received a legitimate email.

Cases like this are also another reason why hospitals have to be careful when picking their business associates. Research has shown hospital partners often lack a full understanding of complying with security rules or how to thoroughly conduct security risks.

That’s why it’s important that hospital leaders hold their business associates accountable for these kind of preventive tasks.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.