Overwhelming Cyber Attacks On Healthcare

Uploaded on 2016-10-19 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

US Healthcare organisations are struggling to find ways to manage the risks of massive data breaches, which have proven hard to detect, often taking months to discover.

In 1996 the US Health Insurance Portability and Accountability Act (HIPAA) was enacted. The Accountability portion of the law requires that healthcare providers protect the privacy of patient health information and includes security measures that must be followed. Provider success has been mixed and has recently come under intense scrutiny due to the number and size of reportable breaches of health information.

There are several major contributors to this increase. The first is the passage of the American Recovery and Reinvestment Act of 2009. The ARRA included the formation of the Health Information Technology for Economic and Clinical Health Act (HITECH). It also made permanent the Office of the National Coordinator for Healthcare Information Technology (ONC) to set policy and standards and establish procedures to guide and measure the success of the implementation of electronic health records.

Creating EHR systems requires storing a large amount of confidential patient information in multiple information systems and allowing thousands of users and other systems to access those databases.

Adding to the difficulty of securing this data is the increasing number of criminal attacks and HIPAA violations because of the rising value of health information. For many criminals, credit cards had been the target of choice. However, the value of a credit card is brief, as all transactions can be stopped immediately after the bank is aware of suspicious activity.

By contrast, the value of a medical record can be worth 30 times the value of a credit card on the black market. The reason is that the health records contain enough information to create a complete identify for the purpose of opening accounts, obtaining loans, creating passports and stealing healthcare services. The most valuable records include expired patients where identify theft may not be discovered for years.

In 2016, the Ponemon Institute reported that during the last two years, 89 percent of all hospitals reported to the Office of Civil Rights at least one data breach, and 79 percent reported two or more. Many in the industry believe that almost every hospital has experienced multiple breaches.

In the battle to protect health information, many providers are simply outmanned and outgunned by the sophistication and resources of hackers. Some healthcare organisations experience thousands of attacks daily, some of which are likely to succeed in penetrating the perimeter defenses. Once inside, hackers have increased opportunity to steal user credentials that will move them up the security ladder and into the data systems that contain the most valuable information

After enough credentials are collected, it is simply a matter of slowly withdrawing information without triggering alerts. Ponemon reported in 2016 that it takes an average of 226 days to discover a breach and 69 more days to determine how it occurred and to stop the flow. It is safe to assume that after nearly ten months of access, there is little information left for the hacker to steal.

In addition to criminal hackers, hospitals must also contend with staff members using their credentials in an unauthorised manner. There are many reported instances of staff accessing records of co-workers, family or neighbors. The most publicized violations are stealing and selling celebrity health records to the media.

When a staff member is offered thousands of dollars for a single record, they may believe it’s worth the risk of being caught.

HealthDataManagement

 

« Women Suspected To Attempt Next Terror Attack
Stolen NSA Hacking Tools For Sale In Bizarre Auction »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

WiJungle

WiJungle

WiJungle is an Indian Cyber Security Company that develops and markets a unified network security gateway solution.

RiskRecon

RiskRecon

RiskRecon makes it easy to gain deep, risk contextualized insight into the cybersecurity risk performance of all of your third parties.

Outsource UK

Outsource UK

Outsource UK is an independent recruitment company supplying highly-skilled technology, change and engineering talent to clients within a range of specialist sectors including Cyber Security.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Cufflink

Cufflink

Cufflink makes your business more secure, compliant and trusted. We limit the likelihood and impact of a data breach by controlling exactly what can and can't be done with personal data.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.

Trustmarque

Trustmarque

Trustmarque delivers customer-centric IT solutions that enable better outcomes. We combine the technology, expertise and services to release value at every stage of the IT lifecycle.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.