Aaron Painter, the CEO of Nametag Inc., a company focused on identity verification for online accounts, has highlighted the urgent need for healthcare companies to improve their cybersecurity measures in order to protect patient safety. He emphasizes that the healthcare industry is facing increasing risk from cyberattacks, including sophisticated social engineering tactics used in ransomware attacks, which could have deadly consequences for patients if left unchecked.
The U.S. Department of Health’s Health Sector Cybersecurity Coordination Center (HC3) recently issued a warning about the targeting of IT helpdesks in healthcare organizations by threat actors using advanced social engineering tactics. This has resulted in significant disruptions for companies like Change Healthcare, MGM, and Clorox, with the full extent of the damages still being determined by law enforcement agencies.
Social engineering attacks involve threat actors impersonating real employees using stolen or leaked credentials to gain access to corporate systems and data. The use of AI voice cloning technology has further elevated the sophistication of these attacks, making it increasingly challenging for helpdesk staff to detect and prevent unauthorized access.
Healthcare organizations are particularly vulnerable to cyberattacks due to the lack of sophisticated fraud detection methods compared to the financial sector. Ransomware attacks targeting medical records are highly profitable for threat actors, as the demand for stolen medical records on the dark web far exceeds that of stolen credit cards. This makes healthcare organizations prime targets for cybercriminals looking to exploit patient data for financial gain.
The repercussions of cyberattacks on healthcare organizations can be devastating, both financially and in terms of patient care. For example, Change Healthcare’s decision to pay a $22 million ransom to restore operations resulted in daily losses of $100 million for healthcare providers. The continued threats of cyber extortion highlight the urgent need for healthcare providers to enhance their cybersecurity measures to protect patient safety and maintain operational continuity.
To combat social engineering attacks targeting IT helpdesks, healthcare organizations are advised to implement security measures such as requiring callbacks for password resets, monitoring for suspicious transactions, and training helpdesk staff to identify and report social engineering techniques. The adoption of advanced technologies, including AI, mobile cryptography, machine learning, and biometric recognition, is essential to stay ahead of cybercriminals and safeguard patient data. Ultimately, investing in advanced cybersecurity tools should be a top priority for healthcare CIOs and CISOs to prevent cyberattacks and protect patient safety in the healthcare sector.
