2015 was “the year of the healthcare breaches”-according to IBM, 2016 Cyber Security Index.
During the last year, 47% of the United states population experienced a personal healthcare data breach.
Out of the 16 critical infrastructure sectors, the Healthcare industry suffered from the most recent data breaches, an estimated ~21% - according to Gemalto’s report Data Breach Index for the first half of 2015.
Scary statistics speaks for itself, but what makes healthcare industry so attractive to cyber-criminals?
Simple answer. Easy opportunity for profit plus + lack of security protection.
Medical profiles are worth much higher on the black market than simple credit card numbers, since they contain: patients’ social security number, home address, phone number, emergency contacts, email address and etc.
According to Elliott Franz who is a CEO at Virtue Security “it’s easier than ever to gain access inside a hospital’s network and compromise a device,”
In February this year, the computers at Hollywood Presbyterian Medical Centre have been down for more than a week as the Southern California hospital tried to recover from a Ransomware attack.
In order not to lose all its patient medical records, the hospital paid $17,000 to restore the hijacked files.
2015, was the year of healthcare breaches, but for now 2016 hasn’t shown a different face.
What measures to undertake?
Hackers will use many kind of advanced attack techniques to achieve their final goal.
For all businesses, as well as for healthcare organizations, it is very important to implement layered security approach and to use variety of other tools to block hackers out! A comprehensive security solution is number one move that each business has to undertake.
Having a security solution that is always up to date and that is able to defeat ransomware, keyloggers, financial malware, SSL injectors and other threats is a must have for every organization.
Besides, it is very important to include other techniques such as segregating networks so in case a hacker manages to gain access to one network area doesn’t automatically have access to all the data stored throughout the organization.
Since more and more organizations rely on wireless routers, one more technique that healthcare organizations should apply is to keep that their routers and other parts up to date. Beside having their routers safe having their network passwords secure and changed frequently is an additional level of security that hackers will find hard to pass.
Without proper education we are lost. Same goes for this situation. Many healthcare data breaches were caused by employees itself without themselves being even aware of it. Healthcare organizations should educate their staff members on how to avoid a phishing scam, on social engineering tactics and other attacks that target employees, and very importantly advice on choosing secure passwords.
Hackers very often misuse the existing software that your organization is using if it is not up to date all the time. Healthcare organizations should always keep the software patched and up to date to lessen possible security vulnerabilities.
It is very important to think about your organizations safety and to implement security techniques and tools that will keep you safe as best as possible. Remember a data breach always costs more than securing your organization.
So, what is better?!