Why Are Hackers After Healthcare Records?

Information hacked from a financial institution or a bank is quickly rendered useless once the data breach is exposed and passwords are modified. On the other hand, classified information from the healthcare industry contains not only personal identity but also patients’ medical histories that last a lifetime.

It is predicted that data breaches in hospitals will cost the medical fraternity more than $300 billion in the next five years and one in 12 patients would have their personal information compromised by a data breach, according to noted industry consultants.

A recent study revealed that since early 2010, the medical data of more than 150 million Americans were compromised without their knowledge in over 1400 data breaches. The conclusions of the study revealed that the healthcare industry is specifically vulnerable to data breaches and privacy hacks.

Data contained in healthcare records is a minefield of valuable information as it not only includes the patient's healthcare histories, but also their Social Security numbers and home addresses. All data hacked by cyber criminals are usually sold for a premium to rival companies or on the illegal-market and hence there is a huge motive to concentrate attacks on the health care industry given the valuable information that records hold.

In recent times, there has been a greater focus and push towards integrated care, wherein healthcare information is now being disseminated among various kinds of entities in which a number of employees can gain access to patient information.

A comprehensive access to healthcare records of patients substantially enhances the likelihood of data breaches. At the same time, in order to comply with legal demands, the medical fraternity tends to give detailed patient history for a number of years. Hence, the likelihood of a data hack, and the probable severity of the outcome, also increases, based on the information stored and the length of time it is hived-away.

In recent times, the healthcare industry has been barraged by a number of persistent attacks and sophisticated threats from cyber criminals in the form of ransomware.

Recently, a cyber-criminal claimed to have stolen the entire database of more than two US healthcare organisations and from an insurer, thus holding over 8 million healthcare records of patients over ransom, and demanding more than $500,000 in bitcoins.

In another incident, a medical centre in Los Angeles paid over US$50,000 to cyber hackers who incapacitated their computer systems.

In other cases it is seen that cyber-criminals also go in for affiliated vendors of hospitals and insurers that service the healthcare industry.

Ideally, it can be relatively simple to defend against ransom ware; only current backups should be kept off-line by insurers, affiliated vendors and healthcare providers and when a data breach does take place, these backups can be used to reinstate the information.

Unfortunately, the healthcare industry has not been as fast as the rest of the other industries in educating their staff regarding the dangers of data breaches and who would be able to manage and access critical systems to restore and store classified information. It is important for hospitals and healthcare centres to be proactive about data security as data breaches are likely to get more sophisticated in the coming days.

Analysts and security experts opine that rather than focusing on strengthening external defenses and perimeter security such as firewalls and antivirus software, data encryption and document protection are the best forms of cyber security measures.

And more importantly the instruction within every healthcare centre should be that data and document security becomes everybody's business and not just the IT department's concern.

TGDaily:  

British NHS Hospital Trust Under Cyber Attack:             Healthcare Industry Lacks Basic Security Knowhow:

 

« Kaspersky Lab Employee Arrested On Treason Charges
Big Data Analysis – Now Used For Politics… »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

EclecticIQ

EclecticIQ

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services.

2Secure

2Secure

2Secure is one of Sweden's largest private security companies. Service inlcude personal security, corporate security, information and cyber security.

Dubex

Dubex

Dubex is Denmark's leading business-oriented IT security specialist.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

Eperi

Eperi

Eperi is a leading provider of Cloud Data Protection (CDP) solutions with 15 years of experience in data encryption for databases, (SaaS) applications and files.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

FortifyIQ

FortifyIQ

FortifyIQ's mission is to advance maximum security against side-channel attacks across the entire computing spectrum.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

Thunder Shield Security

Thunder Shield Security

Thunder Shield is a professional cyber security service provider of penetration test, source code review and security assessment services.

Synagex

Synagex

Synagex Modern IT is a simple IT and cybersecurity solution for businesses.

Cyber Intell Solution (CIS)

Cyber Intell Solution (CIS)

Cyber Intell Solution provide expert consulting, specialized products, and tailored operational services to governmental and corporate industry worldwide.

Tuskira

Tuskira

Tuskira is a Preemptive Cyber Defense & Response Platform powered by Agentic AI, designed to go beyond traditional vulnerability management.