The California hospital hack in February brought even more awareness to the fact that the medical industry is increasingly a prime target for hackers. That raises two serious questions for decision-makers in healthcare: why is this happening, and what can facilities do about it?
Examples of Healthcare Hacks
Before answering the two questions, consider the scope of the problem. Unfortunately, there are plenty of examples of hacks against the healthcare industry other than the recent California case. For example, Community Health Systems, a hospital operator in Tennessee, said in August 2014 that records for 4.5 million patients had been breached in a Chinese cyber attack. In January 2015, Anthem Insurance announced it was the victim of a massive digital heist that saw about 80 million customer records taken. Finally, in 2015, one in three Americans had their healthcare records breached.
Lucrative Medical Records
Medical records are very valuable—much more so than stolen credit card records. Indeed, reports say stolen health credentials are worth about $10 each, which is about 10 to 20 times the value of stolen credit card information. The explanation is simple: once financial institutions are aware of a security breach, they can block access to compromised cards. But the kind of data in health records—such as patients' social security numbers—cannot be changed as easily. Therefore it stays valid longer, and is of use to criminals for longer. That makes it worth more. Plus, the data can be abused for many purposes besides selling it; for example, criminals can use stolen health credentials to obtain medications or medical services.
Many medical institutions are not adequately defended against today's cyber attacks. Facilities such as hospitals tend to operate many computers running old software that may be out of date and not correctly patched. Furthermore, medical facilities typically employ large numbers of personnel, and the risk of a breach increases when those individuals bring their own devices to work or click on phishing links from work computers.
Thankfully, medical facilities have effective options available for defending themselves. With network security monitoring, healthcare organizations can gain visibility into what is happening on their digital systems and be alerted when traffic patterns are suspicious. In addition, technologies such as SIEM work to analyze security events. This can all be done in such a way as to maintain HIPAA compliance.
As the industry continues to move to electronic health records (EHRs), cybersecurity for healthcare has never been more important. EiQ's SOCVue managed security service is one cost-effective way to meet this challenge and ensure medical records stay confidential.
Hackers have been increasingly targeting the healthcare industry, and with good reason: given the often outdated software and large number of devices being used, it's relatively easy to access valuable patient data. Educating healthcare workers on the threats posed by hackers and investing in reliable network security monitoring can help medical facilities protect their data and avoid costly hacks.