Overwhelming Cyber Attacks On Healthcare

Uploaded on 2016-10-19 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

US Healthcare organisations are struggling to find ways to manage the risks of massive data breaches, which have proven hard to detect, often taking months to discover.

In 1996 the US Health Insurance Portability and Accountability Act (HIPAA) was enacted. The Accountability portion of the law requires that healthcare providers protect the privacy of patient health information and includes security measures that must be followed. Provider success has been mixed and has recently come under intense scrutiny due to the number and size of reportable breaches of health information.

There are several major contributors to this increase. The first is the passage of the American Recovery and Reinvestment Act of 2009. The ARRA included the formation of the Health Information Technology for Economic and Clinical Health Act (HITECH). It also made permanent the Office of the National Coordinator for Healthcare Information Technology (ONC) to set policy and standards and establish procedures to guide and measure the success of the implementation of electronic health records.

Creating EHR systems requires storing a large amount of confidential patient information in multiple information systems and allowing thousands of users and other systems to access those databases.

Adding to the difficulty of securing this data is the increasing number of criminal attacks and HIPAA violations because of the rising value of health information. For many criminals, credit cards had been the target of choice. However, the value of a credit card is brief, as all transactions can be stopped immediately after the bank is aware of suspicious activity.

By contrast, the value of a medical record can be worth 30 times the value of a credit card on the black market. The reason is that the health records contain enough information to create a complete identify for the purpose of opening accounts, obtaining loans, creating passports and stealing healthcare services. The most valuable records include expired patients where identify theft may not be discovered for years.

In 2016, the Ponemon Institute reported that during the last two years, 89 percent of all hospitals reported to the Office of Civil Rights at least one data breach, and 79 percent reported two or more. Many in the industry believe that almost every hospital has experienced multiple breaches.

In the battle to protect health information, many providers are simply outmanned and outgunned by the sophistication and resources of hackers. Some healthcare organisations experience thousands of attacks daily, some of which are likely to succeed in penetrating the perimeter defenses. Once inside, hackers have increased opportunity to steal user credentials that will move them up the security ladder and into the data systems that contain the most valuable information

After enough credentials are collected, it is simply a matter of slowly withdrawing information without triggering alerts. Ponemon reported in 2016 that it takes an average of 226 days to discover a breach and 69 more days to determine how it occurred and to stop the flow. It is safe to assume that after nearly ten months of access, there is little information left for the hacker to steal.

In addition to criminal hackers, hospitals must also contend with staff members using their credentials in an unauthorised manner. There are many reported instances of staff accessing records of co-workers, family or neighbors. The most publicized violations are stealing and selling celebrity health records to the media.

When a staff member is offered thousands of dollars for a single record, they may believe it’s worth the risk of being caught.

HealthDataManagement

 

« Women Suspected To Attempt Next Terror Attack
Stolen NSA Hacking Tools For Sale In Bizarre Auction »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

Repository of Industrial Security Incidents (RISI)

Repository of Industrial Security Incidents (RISI)

RISI is a database of cyber security incidents that have (or could have) affected process control, industrial automation or SCADA systems.

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

BreachQuest

BreachQuest

BreachQuest brings together cybersecurity experts with decades of experience identifying security flaws, penetrating networks, and responding to incidents.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Resilience Cyber insurance

Resilience Cyber insurance

Resilience helps to improve cyber resilience by connecting cyber insurance coverage with advanced cybersecurity visibility and a shared plan to reinforce great cyber hygiene.