top of page

Behavioral Health Providers Face Cybercrime Attacks as Demand Rises

Pondurance
June 7, 2021

The COVID-19 pandemic, lasting over a year in duration, provoked an increase in behavioral health issues. Extended periods of isolation, loss of loved ones to the virus, and continual fears of infection adversely affected the mental health of populations worldwide. The economic downturn caused by the pandemic further added stress and anxiety, with many facing job loss, difficulty paying for expenses, and an uncertain future.


Before the pandemic began, only about 1 in 10 U.S. adults reported symptoms of anxiety or depression (Figure 1). However, by January 2021, that figure increased to about 4 in 10 adults.


Source: KFF Health Tracking Poll - July 2020, KFF, July 27, 2020.


Behavioral health issues can manifest in a variety of ways. A July 2020 poll conducted by Kaiser Family Foundation, a nonprofit organization focusing on national health issues, showed adults reporting specific negative impacts on their mental health and well-being due to worry and stress over the pandemic, such as difficulty sleeping (36%) or eating (32%), increase in alcohol consumption or substance use (12%), and worsening chronic conditions (12%), such as diabetes or hypertension.


Historically, the behavioral healthcare industry operated in a fairly low-tech manner. Patients met providers in their offices face to face, notes and medical records were predominantly paper-based, and billing and payment were primarily manual processes. When the COVID-19 pandemic hit, the widespread shutdown of medical facilities and the mandates for social distancing brought the traditional method of mental health treatment to a near standstill, at a time when more people than ever needed services. 


It was in this dire circumstance that technology and dedicated behavioral health professionals rose to the occasion. The ongoing transition to digital health records, coupled with the rapid, widespread rollout and adoption of telemedicine programs using platforms like Zoom and online correspondence, placed technology front and center in treating mental health issues. BHCOE shares that “choosing the right technology to support your telehealth needs is important and the number of cameras, video conferencing platforms, and other tools can be overwhelming.” Clinicians who were initially reluctant to adopt these technologies found that there were several benefits, including: 


  • Clients were more comfortable when in their own homes during sessions.

  • Poor weather and travel problems were no longer issues.

  • Many people who mental health programs had historically underserved were now reachable and able to receive treatment. 


Many patients embraced remote telemedicine for behavioral health, claiming it felt more confidential and eliminated their potential embarrassment of bumping into someone they know in the waiting room at the provider’s office.


Unfortunately, as the pandemic drove a significant adoption of digital technology by the behavioral health industry, cybercriminals were presented with more opportunities to attack healthcare organizations. In 2020, the number of cyberattacks on healthcare more than doubled from the previous year, with ransomware accounting for 28% of all attacks. Attackers, driven by profit, see patient data as a prime target. They can monetize healthcare cybercrime data in multiple ways:


  • First, they can request ransom payments to restore access to patient data or other systems. If the ransom is not paid, they can hold patient data hostage, encrypting systems and stopping service from being delivered entirely.

  • Second, since behavioral healthcare records contain a large amount of personal identifiable information, the records are valuable on the black market and may be priced at up to $250 per record (compared to $5.40 for the next highest value record: a payment card).


How can mental health providers ensure that their clients’ personal health information is protected? Providers must acknowledge that patient data is incredibly valuable to cybercriminals. Ransomware attacks are the most obvious threat, but they can be a major decoy in a much larger scheme, such as establishing remote access to sensitive patient data to sell on the dark web for a much larger payoff.


While the primary focus of behavioral healthcare organizations should be on 24/7 care for the growing population of those suffering from mental health issues, the increase in healthcare cybercrime and new digital vulnerabilities must also be addressed. Knowing the risks, it is crucial that mental health providers continuously protect patient information and quickly detect and identify breaches in their networks before an attack is successful. 


With significant experience supporting national and regional healthcare providers, Pondurance Managed Detection and Response (MDR) provides the protection needed to combat cybercriminals cost-effectively, enabling behavioral healthcare providers to focus on their patients while remaining confident that patient data is secure and patient care is unaffected. Learn more about MDR services in our eBook 5 Things to Consider When Choosing an MDR Vendor.

Keep Reading

bottom of page