The Healthcare Industry Currently Faces A Growing Cyber Security Crisis


Hospitals are where you go to get healthy, but they are increasingly becoming playgrounds for hackers, owing to weak cyber security measures. A couple of weeks ago, networks of the Hollywood Presbyterian Medical Center, a California-based hospital, were held hostage, reportedly to the tune of 9,000 bitcoin or over $3.6 million.

This isn’t a unique problem. In fact, a Forrester report from late last year predicted that such occurrences would begin happening with increasing regularity. According to a 2015 blog post, the research firm predicted that “2016 will be the year we see ransomware for a medical device or wearable.”


Image 1: Main building of the Hollywood Presbyterian Medical Center


What happened in California isn’t exactly that, but it’s very close and similarly destructive. In this case, hackers gained access to the hospital’s network and locked the employees out via ransomware. This made it impossible for any employees to access the network until the attackers gave the okay. Anyone can fall prey to ransomware through seemingly innocuous tasks like simply downloading an unassuming attachment.

But, as predicted by Forrester and highlighted by this saga, healthcare institutions are way behind the cyber security curve. Ethical hackers have proven over the last few years how easy it is to get into a health care network and wreak havoc. One team was in fact able to gain access to an entire hospital’s network, which, writes Kaspersky Lab, gave them “access to pretty much everything inside, including a number of devices for data storage and analysis.” This happened because the network infrastructure was not properly set up.

In short, the healthcare industry is beginning to show signs that it’s not properly protected from digital attacks. And the repercussions are myriad: patients lose their privacy, health care businesses lose their data, and institutions are held hostage.

Healthcare Companies Need To Enforce Strict Cyber Security Controls

This will hopefully catalyze an industry-wide wakeup call. Healthcare companies deal with terabytes of personal and private information, and our data shows a great need for cyber security improvement.

For instance, according to our numbers:

  • 26.5% of all healthcare companies in the last thirty days had some sort of malware infection reported.
  • Some of the bigger healthcare companies, in fact, saw more than 200 infections in their system in that period.
  • Beyond malware, over 10% of these companies had email credentials showing on marketing lists, meaning it’s likely an employee will fall prey to a phishing attack.

Undoubtedly all companies wish to keep their data secure, but our findings show some real industry-wide pitfalls. We also looked at individual hospitals, and found similarly poor results.

In only a few minutes of searching, we were able to see a few compliance issues at a hospital in a major city.


Image 2: ISO questionnaire showing compliance issues using the SecurityScorecard Platform


Continuous Monitoring as First Line of Defense

In a perfect world, these issues wouldn’t exist. But the next best thing any business can do is check regularly for when problems do arise. The only way to handle the constant barrage of cyber security needs is to always be on the ball. The numbers show a need for greater cyber security awareness in the healthcare space. All of the problems we found were potential ways hackers could capitalize on poor security practices. Our platform allows customers to plainly see what sort of issues arise, making it possible for a fast response.

In the cyber security space there’s no panacea. But with the right tools, problems can be alleviated in a swift manner. The only way to be ahead of the curve is to integrate solutions that look from the outside in.

Over the coming years we are sure to see more examples of digital attacks on healthcare. It’s surely a wakeup call for numerous industries that handle private data. At the same time, it’s important to make sure all your bases are covered. Don’t become the next hacked hospital, forced to pay hackers. Instead, adopt a security-first culture and keep an eye on your scorecard.
