Why Are Hackers Increasingly Targeting the Healthcare Industry?

Slashdot reader Orome1 shares an article by Bitdefender's senior "e-threat analyst," warning about an increasing number of attacks on healthcare providers: In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient's medical history, which could be used in targeted spear-phishing attacks...and hackers are able to access this data via network-connected medical devices, now standard in high-tech hospitals. This is opening up new possibilities for attackers to breach a hospital or a pharmaceutical company's perimeter defenses.

If a device is connected to the internet and left vulnerable to attack, an attacker could remotely connect to it and use it as gateways for attacking network security... The majority of healthcare organizations have often been shown to fail basic security practices, such as disabling concurrent login to multiple devices, enforcing strong authentication and even isolating critical devices and medical data storing servers from a direct internet connection.
The article suggests the possibility of attackers tampering with the equipment that dispenses prescription medications, in which case "it is likely that future cyber-attacks could lead to the loss of human life."

of course

[turkeydance]

that's where the money is today.

Re:of course

[Fire_Wraith]

It's a combination of three things, most of which have been touched on in various posts by others here:

1: There's a lot of money in it.
2: The healthcare industry can't afford downtime or failures, so they pay up quickly.
3: Insurance covers a lot of it.
4: Generally poor security practices make it easier, on top of all that (typical of an industry that hasn't been targeted a lot in the past, their security is focused on other things, to the extent they have it).

So in summary, it's a relatively large/easy target, with lots of money, that can't afford downtime. The only surprising thing is that it took this long to become a target.

I think this is about a third of it

[s.petry]

Two things missing from your summary. First, the health care industry now has to hold massive amounts of data on you, and has to make it available to the Government. This is the price of government mandated and controlled insurance. All of this data makes it simple to steal your identity, which ties into our second item.

Second item: Profit. In addition to using your prescription coverage for codeine, big ticket items are being charged to people because identity theft is so easy. Within the last month or so,. two people hit with tens of thousands of dollars in co-pay for major surgery, and another was hit with fees from a transplant. All of which were done to other people. A bit of investigation determined that the people bought insurance on the black market for their procedures. The better the insurance being stolen, the higher price it retrieves. Shame on the US for using a SSN for nearly everything.