Why Are Hackers After Healthcare Records?

Uploaded on 2017-02-03 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Information hacked from a financial institution or a bank is quickly rendered useless once the data breach is exposed and passwords are modified. On the other hand, classified information from the healthcare industry contains not only personal identity but also patients’ medical histories that last a lifetime.

It is predicted that data breaches in hospitals will cost the medical fraternity more than $300 billion in the next five years and one in 12 patients would have their personal information compromised by a data breach, according to noted industry consultants.

A recent study revealed that since early 2010, the medical data of more than 150 million Americans were compromised without their knowledge in over 1400 data breaches. The conclusions of the study revealed that the healthcare industry is specifically vulnerable to data breaches and privacy hacks.

Data contained in healthcare records is a minefield of valuable information as it not only includes the patient's healthcare histories, but also their Social Security numbers and home addresses. All data hacked by cyber criminals are usually sold for a premium to rival companies or on the illegal-market and hence there is a huge motive to concentrate attacks on the health care industry given the valuable information that records hold.

In recent times, there has been a greater focus and push towards integrated care, wherein healthcare information is now being disseminated among various kinds of entities in which a number of employees can gain access to patient information.

A comprehensive access to healthcare records of patients substantially enhances the likelihood of data breaches. At the same time, in order to comply with legal demands, the medical fraternity tends to give detailed patient history for a number of years. Hence, the likelihood of a data hack, and the probable severity of the outcome, also increases, based on the information stored and the length of time it is hived-away.

In recent times, the healthcare industry has been barraged by a number of persistent attacks and sophisticated threats from cyber criminals in the form of ransomware.

Recently, a cyber-criminal claimed to have stolen the entire database of more than two US healthcare organisations and from an insurer, thus holding over 8 million healthcare records of patients over ransom, and demanding more than $500,000 in bitcoins.

In another incident, a medical centre in Los Angeles paid over US$50,000 to cyber hackers who incapacitated their computer systems.

In other cases it is seen that cyber-criminals also go in for affiliated vendors of hospitals and insurers that service the healthcare industry.

Ideally, it can be relatively simple to defend against ransom ware; only current backups should be kept off-line by insurers, affiliated vendors and healthcare providers and when a data breach does take place, these backups can be used to reinstate the information.

Unfortunately, the healthcare industry has not been as fast as the rest of the other industries in educating their staff regarding the dangers of data breaches and who would be able to manage and access critical systems to restore and store classified information. It is important for hospitals and healthcare centres to be proactive about data security as data breaches are likely to get more sophisticated in the coming days.

Analysts and security experts opine that rather than focusing on strengthening external defenses and perimeter security such as firewalls and antivirus software, data encryption and document protection are the best forms of cyber security measures.

And more importantly the instruction within every healthcare centre should be that data and document security becomes everybody's business and not just the IT department's concern.

TGDaily:  

British NHS Hospital Trust Under Cyber Attack:             Healthcare Industry Lacks Basic Security Knowhow:

 

« Kaspersky Lab Employee Arrested On Treason Charges
Big Data Analysis – Now Used For Politics… »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Guardtime

Guardtime

Guardtime's Black Lantern platform provides real-time cybersecurity and data-centric asset protection.

PartnerRe

PartnerRe

PartnerRe provides multi-line reinsurance to insurance companies on a worldwide basis. Services include Cyber Risk.

Futurex

Futurex

Futurex is a globally recognized provider of enterprise-class data encryption solutions.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Hexnode MDM

Hexnode MDM

Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

Pacific Cyber Security Operational Network (PaCSON)

Pacific Cyber Security Operational Network (PaCSON)

PaCSON is an operational cyber security network of regional working-level cyber security experts in the Pacific.

BastionZero

BastionZero

BastionZero is leveraging cryptography to reimagine the tools used to manage remote access to servers, containers, clusters, applications and databases across cloud and on-prem environments.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

CYBHORUS

CYBHORUS

CYBHORUS are a team of Italian cyber security experts, specialized in cyber threat defense and strategic and organizational consulting.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.

Piiano

Piiano

Piiano offers developer-friendly privacy and security products. Reduce risk and protect your data by using our specialized security and privacy SaaS tools.