Which hospital chain will get hacked? Or should we ask which one will have the foresight to invest in security and prevent the hack?
With the confluence of mass scanning, criminal hackers, and now monetization of health records:
Reuters story: http://www.reuters.com/article/2014/09/24/us-cybersecurity-hospitals-idUSKCN0HJ21I20140924
“Security experts say cyber criminals are increasingly targeting the $3 trillion U.S. healthcare industry, which has many companies still reliant on aging computer systems that do not use the latest security features.”
Medical information is worth 10 times more than a credit card in the black market.
‘Said Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC. “Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”‘
“Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. That makes medical data more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.”
This is the biggest problem in my opinion… If a medical record was stolen how would we know?
If the medical organization is not up to speed on cyber security than how would they ever know of any hacks? So that is why this is so important. And as we know in the cyber security industry, the attackers do not give up, they have a patience and plotting nature. So give them another year or so and we will see many more headlines like this http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/ 4.5 mil records hacked on Community health Systems which operates 206 hospitals across the USA.
There is a Raytheon Cyber Products survey (includes the Ponemon Institute) surveying IT security practitioners http://www.trustedcs.com/resources/whitepapers/Ponemon-RaytheonSecurityInTheNewMobileEcosystemResearchReport.pdf
Has the following interesting info:
“Security is sacrificed for productivity. The majority of respondents (52 percent) say security
practices on mobile devices have been sacrificed in order to improve employee productivity.
Moreover, 60 percent believe employees have become less diligent in practicing good mobile
security. The two biggest mobile security risks are malware infections and end-user negligence.”
Essentially mobile devices are more productive, but yet security in applications, although important has not been thought through enough. And there are employees who resist security initiatives.
So unfortunately many people’s medical records will have to be hacked and sold on the black market before changes are made.
Contact Us to get ahead of he game and scan your systems for vulnerabilities and analyze the results to work on your security processes and procedures as well as actual system hardening.
1 thought on “Will 2015 be the year of health record hacks?”