HackDig : Dig high-quality web security articles for hacker

What Was That About Healthcare Security? Here Come The Hacks

2015-02-05 19:40

Hours before we learned about what may become the largest healthcare-related data breach in history, I posted a blog on vulnerabilities in our healthcare systems.

On Wednesday, the second largest health insurance company in the United States announced that it had been the victim of a massive cyberattack, with as many as 80 million customer records compromised. Earlier that morning, I posted a blog that feels eerily prescient, even for someone who has worked in health IT for enough years to know we were headed for trouble. As I explained in “3 Vectors of a Healthcare Cyberattack”, the potential payoffs for hackers targeting healthcare data are huge:

“The black market for patient data is up to twenty times more valuable than that for credit card data often stolen in retail breaches. Healthcare data is detailed, rich, and full of information that cybercriminals can use for identity theft and fraud. More importantly, it takes far longer for patients to know their information has been compromised.”

Those of us who follow health IT knew that it was just a matter of time until a Target-scale breach hit a major insurer or hospital group, but the attack on Anthem (best known for their Blue Cross insurance brands) appears to be particularly egregious. The company said in a statement that hackers

“...have obtained personal information from our current and former members such as their names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.”

While credit card and payment information wasn’t stolen, the potential for identity theft and related fraud with these types of data is very high. What is perhaps of even greater concern, though, is the apparent completeness of the compromise. Anthem noted on a special website dedicated to the breach (www.anthemfacts.com) that all lines of Anthem Business were impacted and all plans and brands of Anthem insurance were affected. Hackers didn’t target payment information, so it wasn’t exposed; this isn’t to say that it wasn’t vulnerable, just that the attackers didn’t go after it.

As with most of the high-profile breaches we’ve heard about in the last year, this isn’t an indictment of any particular company, or even any particular technological solution. Unfortunately, hackers and their tools have become incredibly sophisticated while too many of our systems (in healthcare and elsewhere) simply aren’t keeping up. As I noted yesterday, malware, phishing schemes, trojans, ransomware, and many other attacks are all floating around in the wild, but the healthcare industry is particularly vulnerable because it lacks the built-in protections and underlying security mindset of other industries. In the US alone, healthcare is a $3 trillion industry. Patient data sits in countless systems in hospitals, medical practices, insurance companies, and even HR databases. These systems include legacy software, purpose-built hardware, troubled insurance exchanges, and more. With so much money involved, high-value data, and frighteningly large attack surfaces, the Anthem breach may be the largest to date but, unfortunately, won’t be the last. More than any breach we heard about in 2014, this needs to be a wake-up call for serious action on cybersecurity, especially in the healthcare industry, where the risks to consumers go far beyond an easily canceled credit card.


Source: blog.fortinet.com/post/what-was-that-about-healthcare-security-here-come-the-hacks
