Healthcare Industry Increasingly the Target of Cyber Attacks

Healthcare Industry Increasingly the Target of Cyber Attacks

In 2015, the healthcare industry took three spots in the top seven data breaches. Those noted were Excellus BlueCross BlueShield, Premera Blue Cross, and Anthem.

While the number of breaches decreased from 294 in 2014 to 268 in 2015, the total individual records lost increased from approximately 13 million in 2014 to over 113 million in 2015. According the Ponemon Institute, stolen patient health records can go for as much as $363 per record.

Ponemon Institute Study on the cost per record of a data breach by industry.

Ponemon Institute Study on the cost per record of a data breach by industry.

The reason medical information is worth more than credit card data on underground markets is that the data cannot be cancelled like a credit card. A victim cannot change their date of birth and the information in health records is sufficient for creating fake identities.

In addition to cyber-crime, the healthcare industry also is often is involved in medical research and studies.

  • The intellectual property could be stolen.
  • The results of research could be used to make stock market decisions.

In 2016, healthcare took a new hit in addition to data theft. This new attack does not steal data; however, encrypts medical data making it unreadable. These attacks in some cases required patients to be redirected to other hospitals.

These attacks require that the healthcare industry step up their data security game. Attackers often are not launching attacks that could not be stopped or mitigated by implementing best practice security. Identifying and mitigating application vulnerabilities would play a key role along with user education and awareness training.

It is also important to have business continuity plans that address catastrophic system failures like the encryption of data on servers. These attacks are only going to increase as criminals have found a new target with data even more valued than financial data.

Post by Remote Process