Why Are Hackers After Healthcare Records?

Information hacked from a financial institution or a bank is quickly rendered useless once the data breach is exposed and passwords are modified. On the other hand, classified information from the healthcare industry contains not only personal identity but also patients’ medical histories that last a lifetime.

It is predicted that data breaches in hospitals will cost the medical fraternity more than $300 billion in the next five years and one in 12 patients would have their personal information compromised by a data breach, according to noted industry consultants.

A recent study revealed that since early 2010, the medical data of more than 150 million Americans were compromised without their knowledge in over 1400 data breaches. The conclusions of the study revealed that the healthcare industry is specifically vulnerable to data breaches and privacy hacks.

Data contained in healthcare records is a minefield of valuable information as it not only includes the patient's healthcare histories, but also their Social Security numbers and home addresses. All data hacked by cyber criminals are usually sold for a premium to rival companies or on the illegal-market and hence there is a huge motive to concentrate attacks on the health care industry given the valuable information that records hold.

In recent times, there has been a greater focus and push towards integrated care, wherein healthcare information is now being disseminated among various kinds of entities in which a number of employees can gain access to patient information.

A comprehensive access to healthcare records of patients substantially enhances the likelihood of data breaches. At the same time, in order to comply with legal demands, the medical fraternity tends to give detailed patient history for a number of years. Hence, the likelihood of a data hack, and the probable severity of the outcome, also increases, based on the information stored and the length of time it is hived-away.

In recent times, the healthcare industry has been barraged by a number of persistent attacks and sophisticated threats from cyber criminals in the form of ransomware.

Recently, a cyber-criminal claimed to have stolen the entire database of more than two US healthcare organisations and from an insurer, thus holding over 8 million healthcare records of patients over ransom, and demanding more than $500,000 in bitcoins.

In another incident, a medical centre in Los Angeles paid over US$50,000 to cyber hackers who incapacitated their computer systems.

In other cases it is seen that cyber-criminals also go in for affiliated vendors of hospitals and insurers that service the healthcare industry.

Ideally, it can be relatively simple to defend against ransom ware; only current backups should be kept off-line by insurers, affiliated vendors and healthcare providers and when a data breach does take place, these backups can be used to reinstate the information.

Unfortunately, the healthcare industry has not been as fast as the rest of the other industries in educating their staff regarding the dangers of data breaches and who would be able to manage and access critical systems to restore and store classified information. It is important for hospitals and healthcare centres to be proactive about data security as data breaches are likely to get more sophisticated in the coming days.

Analysts and security experts opine that rather than focusing on strengthening external defenses and perimeter security such as firewalls and antivirus software, data encryption and document protection are the best forms of cyber security measures.

And more importantly the instruction within every healthcare centre should be that data and document security becomes everybody's business and not just the IT department's concern.

TGDaily:  

British NHS Hospital Trust Under Cyber Attack:             Healthcare Industry Lacks Basic Security Knowhow:

 

« Kaspersky Lab Employee Arrested On Treason Charges
Big Data Analysis – Now Used For Politics… »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

German Accelerator

German Accelerator

German Accelerator supports high-potential German startups in successfully entering the U.S. and Southeast Asian markets.

Orchestra Group

Orchestra Group

Orchestra Group offer a unique integrated cybersecurity defense platform with proactive security policy management and enforcement orchestration.

AUREA Technology

AUREA Technology

The photon counter SPD_OEM_NIR from AUREA Technology is designed for quantum key distribution at telecom wavelengths.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.