
Health care


Epidemic of cyber attacks compromising healthcare organizations

Posted on 19 February 2014.

The networks and Internet-connected devices of organizations in virtually every healthcare category — from hospitals to insurance carriers to pharmaceutical companies — have been and continue to be compromised by successful attacks. A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization’s own intellectual property and billing systems. In addition, these compromised networks allow cybercriminals to use the organization’s network infrastructure and devices to launch attacks on other networks and to execute billions of dollars worth of fraudulent transactions.

A new SANS-Norse report reveals many findings and salient conclusions. Among the most alarming were the following: Although many types of organizations were compromised, one type produced the majority of malicious traffic:

PHI breaches up 138% in 2013

More than 7 million patient records were breached last year, an increase of 138 percent from 2012, according to a report from IT security audit firm Redspin. The report analyzes breaches reported to the U.S. Department of Health & Human Services and identifies trends and highlights areas most in need of improvement. A single incident--the theft of four desktop computers from Downers Grove, Ill.-based Advocate Medical Group--exposed more than 4 million records. Stolen devices also accounted for the second- and third-largest breaches; all three involved unencrypted data. There has been a sense that by requiring security assessments to qualify for Meaningful Use incentives and by bolstering enforcement, the government was driving real progress in protecting PHI, Daniel W. Yet, "many HIPAA security risk assessments only graze the surface," he says.

Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes

When it comes to the atrocious state of HealthCare.gov security, white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, "I don't understand how we're still discussing whether the website is insecure or not. It is; there's no question about that." He added, "It is insecure - 100 percent." Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly “fixed,” he told Congress it was even more vulnerable to hacking and privacy breaches.

Healthcare and Cybercrime: This time Obamacare is not to blame - HackSurfer

At HackSurfer, we monitor the web for cybercrime information about industries like healthcare.

Currently, we are noticing two categories of healthcare cybercrime perpetrators. The first are state-sponsored groups, like the ones present in China, which focus on obtaining sensitive information such as clinical trial research data. The second are organized crime groups, which focus their efforts on obtaining patient information that they then sell on the black market. Unfortunately, these new organized crime syndicates don’t adhere to the high moral and ethical standards characteristic of old time crime syndicates (I like to think of Frank Lucas in “American Gangster” who used his heroin money to somewhat improve Harlem).

Instead, these new age groups are loosely organized and myopic in their pursuit of quick and easy money.

China: The new medical technology hub or remaining the drug hub? Clinical trials in the U. So why should the public care? Cybercrime and the Healthcare Industry.

Cybercrime in Healthcare: Can It Be Stopped?

In healthcare, the access to data and information is so strongly demanded by patients, providers, payers and employees, that it is fast becoming a target of security and risk.

Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) require organizations to implement safeguards to ensure the integrity and privacy of patient records. However, because of the wealth of data in the industry that can be monetized by cyber criminals, healthcare organizations are now increasingly vulnerable to cybercrime. Thus far in 2013, 48 percent of reported data breaches in the U.S. have been in the medical/healthcare industry, according to a breach report in May from the Identity Theft Resource Center.

Cyber-Criminals Target Health Care Information

By Jared Rhoads

Consumers entrust health care providers with some of their most sensitive personal information, and they have high expectations that this information will remain private and secure.

However, the incentives for cyber-criminals to exploit weaknesses and vulnerabilities for financial gain are sizable, and industry preparedness is, at best, spotty. According to the Department of Health and Human Services, more than 19 million people have had their health information compromised in some form since the new Health Insurance Portability and Accountability Act (HIPAA) breach notification rule went into effect a few years ago. While many of these breaches are attributable to the loss or theft of laptops, thumb drives and other physical data storage devices, instances of cyber-infiltrations are on the rise, and the potential for damage to real-time facility operations is far greater.

Anticipating new threats is a bigger challenge.

Stolen laptop compromises more than 12,000 New Mexico patients.

www.verizonenterprise.com/resources/factsheets/fs_dbir-industries-healthcare-threat-landscape_en_xg.pdf