It’s no secret that cyberattacks are happening more frequently and with greater sophistication, especially in industries like healthcare and automotive dealerships. These industries rely heavily on technology, generate significant revenue, and hold sensitive private data, making them prime targets for cybercriminals.
For organizations in these industries, it’s imperative to take proactive steps to prevent cyberattacks. With the average cost to resolve a data breach at an all-time-high of $4.88 million, it’s not just a matter of principle to embrace a culture of cybersecurity — it’s also a matter of protecting your bottom line.
To highlight the importance of cybersecurity in these industries, Rehmann cybersecurity expert, Jessica Dore, sat down with Rehmann advisors, Matthew Barczak and Ryan Wichmann, who specialize, respectively, in the unique financial and operational workings of healthcare practices and car dealerships. They discussed what these organizations can do to stay protected from cyber threats.
Healthcare Practices: A Prime Target
There’s been a drastic increase in the prevalence of cyberattacks against healthcare organizations. Recent incidents against Change Healthcare and Ascension are examples of what can happen if a breach occurs.
Change Healthcare, a critical intermediary for insurance claims, suffered a ransomware attack earlier in 2024. Matthew said, “[the ransomware attack] shut down all their systems and the perpetrators stole approximately four terabytes of data; a ton of sensitive patient information was involved with this. They were held ransom for a reported $22 million. Ultimately, practices that were relying on these payments had to more or less float their cash flow… because these payments weren’t being processed.”
Similarly, Ascension Health experienced a phishing cyberattack. Matthew said, “An employee tried to download a file – thinking it was legit – and it allowed the hackers to get into their systems. It shut their electronic medical records (EMR) down for six weeks, a significant period of time for these hospital systems to be shut down. [care providers] had to do paper charting, diagnose, and handle patients via paper without the electronic efficiencies that they were used to. It reduced patient volume by 10% during those six weeks and there were also reports of nurses and patients alike saying that the care dropped dramatically. “
Preventing Breaches Against Healthcare Practices
To prevent such breaches, healthcare practices must, at the bare minimum, prioritize HIPAA compliance. HIPAA violations can be costly and have the potential to ruin a practices’ reputation. Additional steps to bolster cyber defenses include regular cybersecurity training for employees, enabling multifactor authentication for healthcare practice accounts, and purchasing a cyber insurance policy.
Taking these proactive steps can significantly reduce the chances of a breach occurring and contribute to the success of your organization.
Auto Dealers: Vulnerabilities and Lessons Learned
Auto dealers are no stranger to cyberattacks. Just recently, Ryan said, “There was a large ransomware attack on June 19th of this year against CDK, the second largest dealer management system. That covers everything from accounting, payroll, buying cars from the manufacturer, selling new or used cars, and even service… everything went back to paper and pen.”
This breach disrupted operations in 15,000 dealerships for three weeks, resulting in an estimated $1 billion in financial losses.
The attack led to a reported $25 million ransom, paid in Bitcoin, and forced dealerships to revert to manual processes, causing substantial disruptions to dealers’ operations.
Preventing Breaches Against Auto Dealers
To mitigate such risks, auto dealers must focus on proactive steps to prevent the attacks from happening in the first place. Ryan said, “Dealerships need to start assessing their current cybersecurity protections by conducting penetration testing, instituting awareness training for employees, and purchasing cyber insurance.
Additionally, performing due diligence on a vendors’ systems can provide dealerships with better information when making operations decisions. The increasing competition among third-party providers has prompted improvements in cybersecurity practices, but continuous due diligence is necessary.
How Organizations in All Industries can Protect Themselves
Organizations across all industries must adopt proactive cybersecurity measures to safeguard against evolving threats. Regular employee training, multifactor authentication, and independent assessments of security controls are essential strategies to mitigate cyber risks. Understanding and adhering to the requirements of cybersecurity insurance policies is also crucial to ensure coverage in the event of a breach.
The rising threat of cyberattacks highlights the importance of staying ahead of cybercriminals and ensuring that all necessary precautions are in place. By adopting a proactive approach, organizations can better protect themselves and their clients from the growing threat of cyberattacks. Visit the Rehmann Cybersecurity Hub to learn more.