Why Are Hackers After Healthcare Records?

Uploaded on 2017-02-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Information hacked from a financial institution or a bank is quickly rendered useless once the data breach is exposed and passwords are modified. On the other hand, classified information from the healthcare industry contains not only personal identity but also patients’ medical histories that last a lifetime.

It is predicted that data breaches in hospitals will cost the medical fraternity more than $300 billion in the next five years and one in 12 patients would have their personal information compromised by a data breach, according to noted industry consultants.

A recent study revealed that since early 2010, the medical data of more than 150 million Americans were compromised without their knowledge in over 1400 data breaches. The conclusions of the study revealed that the healthcare industry is specifically vulnerable to data breaches and privacy hacks.

Data contained in healthcare records is a minefield of valuable information as it not only includes the patient's healthcare histories, but also their Social Security numbers and home addresses. All data hacked by cyber criminals are usually sold for a premium to rival companies or on the illegal-market and hence there is a huge motive to concentrate attacks on the health care industry given the valuable information that records hold.

In recent times, there has been a greater focus and push towards integrated care, wherein healthcare information is now being disseminated among various kinds of entities in which a number of employees can gain access to patient information.

A comprehensive access to healthcare records of patients substantially enhances the likelihood of data breaches. At the same time, in order to comply with legal demands, the medical fraternity tends to give detailed patient history for a number of years. Hence, the likelihood of a data hack, and the probable severity of the outcome, also increases, based on the information stored and the length of time it is hived-away.

In recent times, the healthcare industry has been barraged by a number of persistent attacks and sophisticated threats from cyber criminals in the form of ransomware.

Recently, a cyber-criminal claimed to have stolen the entire database of more than two US healthcare organisations and from an insurer, thus holding over 8 million healthcare records of patients over ransom, and demanding more than $500,000 in bitcoins.

In another incident, a medical centre in Los Angeles paid over US$50,000 to cyber hackers who incapacitated their computer systems.

In other cases it is seen that cyber-criminals also go in for affiliated vendors of hospitals and insurers that service the healthcare industry.

Ideally, it can be relatively simple to defend against ransom ware; only current backups should be kept off-line by insurers, affiliated vendors and healthcare providers and when a data breach does take place, these backups can be used to reinstate the information.

Unfortunately, the healthcare industry has not been as fast as the rest of the other industries in educating their staff regarding the dangers of data breaches and who would be able to manage and access critical systems to restore and store classified information. It is important for hospitals and healthcare centres to be proactive about data security as data breaches are likely to get more sophisticated in the coming days.

Analysts and security experts opine that rather than focusing on strengthening external defenses and perimeter security such as firewalls and antivirus software, data encryption and document protection are the best forms of cyber security measures.

And more importantly the instruction within every healthcare centre should be that data and document security becomes everybody's business and not just the IT department's concern.

TGDaily:  

British NHS Hospital Trust Under Cyber Attack:             Healthcare Industry Lacks Basic Security Knowhow:

 

« Kaspersky Lab Employee Arrested On Treason Charges
Big Data Analysis – Now Used For Politics… »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Puppet

Puppet

Puppet is a leader in IT automation. Our software helps DevOps securely automate configuration and management of machines and the software running on them.

Thales

Thales

Thales provides solutions, services and products that help its customers in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

ThirdWatch

ThirdWatch

ThirdWatch is a Data Science company with real-time automated fraud prevention solutions.

SYSGO

SYSGO

SYSGO is the leading European provider of real-time operating systems for critical embedded applications in the Internet of Things (IoT).

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

Agile Underwriting

Agile Underwriting

Agile, an underwriting agency, insurtech and Coverholder at Lloyd's, provides niche insurance products across Aviation, Marine & Cargo, Cyber and Financial Lines.

PCI Security Standards Council (PCI SSC)

PCI Security Standards Council (PCI SSC)

The PCI Security Standards Council is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Vana Solutions

Vana Solutions

Vana Solutions is an Information Technology Services company. We help commercial & federal organizations select, adapt, and integrate the right technology solution so you can move faster.

GIS Consulting (GISPL)

GIS Consulting (GISPL)

From General Data Protection Regulations to advanced Network Infrastructure Audits, GIS Consulting has established a reputation as one the leading cyber security companies in the industry.

Cynclair

Cynclair

Cybersecurity is a complex beast. And we're the beast-tamers. Our team thrives on deciphering the latest threats, building cutting-edge defenses, and making your digital world much safer.