Smaller hospitals are often how cyberattackers and nation states gain access to health system networks to steal IP, deploy ransomware or scour data to sell on the dark web, according to new research from cybersecurity firm CyCognito.
The firm’s latest research studied health systems with more than $1 billion in revenue and more than 19 hospitals.
Healthcare IT News interviewed Rob Gurzeev, CEO and founder of CyCognito, to discuss the results of his firm’s latest research, including why smaller hospitals are entry points for bad actors, how health systems are increasing risk by not paying their smaller entities enough attention, exactly how threat actors are using these points for entry, and how health systems can get a handle on extended attack surfaces.
Q. Your research found that smaller hospitals are often the entry point for bad actors to get in and steal intellectual property, issue ransomware or sell data on the dark web. Why is this?
A. Our research looked at subsidiary organizations such as the smaller hospitals, clinics, healthcare service providers and facilities that a larger health system may acquire, or, at times, divest, as they grow. Baker Tilley, one of the…
