Overwhelming Cyber Attacks On Healthcare

Uploaded on 2016-10-19 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

US Healthcare organisations are struggling to find ways to manage the risks of massive data breaches, which have proven hard to detect, often taking months to discover.

In 1996 the US Health Insurance Portability and Accountability Act (HIPAA) was enacted. The Accountability portion of the law requires that healthcare providers protect the privacy of patient health information and includes security measures that must be followed. Provider success has been mixed and has recently come under intense scrutiny due to the number and size of reportable breaches of health information.

There are several major contributors to this increase. The first is the passage of the American Recovery and Reinvestment Act of 2009. The ARRA included the formation of the Health Information Technology for Economic and Clinical Health Act (HITECH). It also made permanent the Office of the National Coordinator for Healthcare Information Technology (ONC) to set policy and standards and establish procedures to guide and measure the success of the implementation of electronic health records.

Creating EHR systems requires storing a large amount of confidential patient information in multiple information systems and allowing thousands of users and other systems to access those databases.

Adding to the difficulty of securing this data is the increasing number of criminal attacks and HIPAA violations because of the rising value of health information. For many criminals, credit cards had been the target of choice. However, the value of a credit card is brief, as all transactions can be stopped immediately after the bank is aware of suspicious activity.

By contrast, the value of a medical record can be worth 30 times the value of a credit card on the black market. The reason is that the health records contain enough information to create a complete identify for the purpose of opening accounts, obtaining loans, creating passports and stealing healthcare services. The most valuable records include expired patients where identify theft may not be discovered for years.

In 2016, the Ponemon Institute reported that during the last two years, 89 percent of all hospitals reported to the Office of Civil Rights at least one data breach, and 79 percent reported two or more. Many in the industry believe that almost every hospital has experienced multiple breaches.

In the battle to protect health information, many providers are simply outmanned and outgunned by the sophistication and resources of hackers. Some healthcare organisations experience thousands of attacks daily, some of which are likely to succeed in penetrating the perimeter defenses. Once inside, hackers have increased opportunity to steal user credentials that will move them up the security ladder and into the data systems that contain the most valuable information

After enough credentials are collected, it is simply a matter of slowly withdrawing information without triggering alerts. Ponemon reported in 2016 that it takes an average of 226 days to discover a breach and 69 more days to determine how it occurred and to stop the flow. It is safe to assume that after nearly ten months of access, there is little information left for the hacker to steal.

In addition to criminal hackers, hospitals must also contend with staff members using their credentials in an unauthorised manner. There are many reported instances of staff accessing records of co-workers, family or neighbors. The most publicized violations are stealing and selling celebrity health records to the media.

When a staff member is offered thousands of dollars for a single record, they may believe it’s worth the risk of being caught.

HealthDataManagement

 

« Women Suspected To Attempt Next Terror Attack
Stolen NSA Hacking Tools For Sale In Bizarre Auction »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Future Foundation (CFF)

Cyber Future Foundation (CFF)

CFF was established to create a cyberspace where digital commerce and innovation can thrive based on trust and respect to individual privacy.

SAI360

SAI360

SAI360 (formerly SAI Global) provide products and services for enterprise risk management including Governance, Risk & Compliance and Digital Risk solutions.

NetDiligence

NetDiligence

NetDiligence is a privately-held cyber risk assessment and data breach services company.

DefCamp

DefCamp

DefCamp is the most important annual conference on Hacking & Information Security in Central Eastern Europe.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

IAR Systems

IAR Systems

IAR Systems are a frontrunner in a changing industry, and a future-proof software supplier enabling the IoT.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

Cloudsine

Cloudsine

Cloudsine (formerly Banff Cyber Technologies) is a cloud technology company specializing in cloud adoption, security and innovation.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

Canopius Group

Canopius Group

Canopius is a global specialty lines insurance and reinsurance company and one of the top 10 insurers in the Lloyd’s insurance market.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Gridware

Gridware

Gridware is a specialised cybersecurity consultancy firm and an emerging global player in the cybersecurity intelligence and advisory field.

Beyon Cyber

Beyon Cyber

Beyon Cyber offer a complete portfolio of advanced solutions & services for cyber security in Bahrain.

Gibbs Consulting

Gibbs Consulting

Gibbs Consulting provides innovative, flexible, on-demand IT Services and IT Consulting that delivers value and successful outcomes for our clients.