As ransomware and phishing attacks escalate against healthcare organizations, many are taking proactive steps to reduce the risk of becoming the next victim. One option for doing so can also address another serious industry concern that has not generated the same headlines – a rise in threats, harassment and violence against healthcare workers.
New research from Barracuda Networks (July 2024) confirms that the ransomware risk has never been more prevalent. More than 20% of ransomware attacks targeted healthcare in the past 12 months, up from the previous year. Many of these attacks have impeded patient care, including delayed surgeries and prescriptions.
Heightened IT security and hardened servers have shifted hackers into a new and more effective means of delivering a ransomware payload – customized phishing emails enhanced by artificial intelligence. By accessing the personally identifiable information (PII) now easily accessible online, an email incorporating personal details to appear authentic can mislead even the most vigilant personnel in your organization. One click on a link in that email, and your systems are compromised.
The best defense against this type of breach is online privacy protection, which searches for and removes personnel PII from the internet, before it cannot be weaponized by ransomware gangs.
But for your public-facing employees, the danger of private information exposure extends beyond phishing and ransomware. According to the National Counterterrorism Innovation, Technology, and Education Center, the COVID-19 pandemic resulted in health care workers on the front lines of the response becoming targets for threats, amidst the confusion over protective measures and virus misinformation. A 2019 survey found that more than 20% experienced some form of online harassment such as doxing - the release of personal information on the internet.
While the COVID threat has declined, the threats have not. In 2022, a co-director at the University of Wisconsin-Madison's UW Health gender services had personal information released after appearing in a video describing gender-affirming medical interventions. That same year, a doctor who provided an abortion to a 10-year-old rape victim had his personal information dispersed. And in several major cities like Los Angeles, physicians have been threatened by gang members for treating rival gang members.
Mental health care professionals have been similarly targeted. “The biggest concern used to be a client following me home,” said one California social worker. “Today, any client can find my home address online with a five-minute Google search, putting my entire family in danger.”
How Did We Get Here?
As internet access and usage evolved, millions of Americans were eager to take advantage of its many conveniences – shopping online, paying bills online, staying in touch with friends. The internet didn’t ask for much in return – only a few personal details to register for an account: your home address, your phone number, your email address, and your date of birth. Most websites collected, shared, and sold that information. As of 2023, there are more than 5,000 data broker companies worldwide, still collecting personal information from more than 1,400 leading brands.
The internet can also amplify one person’s grievance against a doctor into a social media post read and shared by thousands, inciting widespread outrage and condemnation. It can happen to anyone at any time.
In 2021, Colorado made it illegal to share the personal information of public health workers after some received death threats and had their property vandalized. But even if the Colorado law is adopted by other states or at the federal level, it only punishes perpetrators after an incident. Online privacy protection offers a preventative solution that searches for and removes home addresses and other personal content before it can be exploited.
And while some healthcare professionals are targeted more frequently for working in specialties in the crosshairs of national debates, other practitioners and professionals are also facing hostility over recommended treatment options, or denial of health insurance coverage for certain procedures, or even resentment from patients who see a miracle drug advertised on television, that their doctor won’t prescribe for them.
Online privacy protection not only provides a common sense step toward reducing the risk of a data breach, it could also save the life of someone in your organization.
AUTHOR BIO:
Ron Zayas is an online privacy expert, speaker, author, and CEO of Ironwall by Incogni. Ironwall provides online privacy protection to both the public and private sectors. For more insight into online privacy laws, proactive strategies, and best online data practices, visit ironwall360.com. Connect with Ron at ron.z@360civic.com.
##
Link:
https://ironwall360.com/healthcare-ransomware-whitepaper?utm_source=beckers&utm_medium=sp_article
Sources:
https://www.infosecurity-magazine.com/news/healthcare-fifth-ransomware/
https://www.unomaha.edu/ncite/news/2023/01/health-care-doxing.php