Healthcare Data Breaches Abound: How Will Your Organization Keep Sensitive Patient Information Safe?

The years 2014 and 2015 were hard for businesses, as hackers made their way into databases that included countless financial records, government and military secrets, and highly sensitive and valuable proprietary information (think Sony and Ashley Madison). This year, hackers seemed to shift their focus, targeting medical organizations with a vengeance. By February, NBC News had declared that health care records hacking had “skyrocketed”, jumping a mind-boggling 11,000 percent (nope, not a typo) in a single year. If that doesn’t make you want a network security audit to assess your vulnerabilities, nothing will.

Many of the hacks came in the form of ransomware. Ransomware is a special kind of malware that locks down a database (or sometimes just steals copies of the data) until the victim pays a ransom. The ransom is usually demanded in bitcoin, which is an untraceable form of internet currency that is commonly used for criminal activity. Other hacks came with no ransom demand. Hackers simply stole the data on patients and either used it for criminal gain or sold it on the black market, most commonly on the Dark Web or Dark Net. The Dark Web is part of the Deep Web, or the part of the internet that is inaccessible by mainstream browsers (Internet Explorer, Firefox, Chrome, etc.).

Why Hackers Want Medical Information

There are three primary reasons why hackers go after medical records:

  • For ransom
  • To sell for profit
  • To exploit for profit themselves

Unfortunately, the cyber security measures in place at most medical organizations and facilities are outdated, insufficient, or both. Faced with tight budgets and constant concerns over ever-growing regulations, most hospitals, nursing homes, doctors’ offices, and other organizations that manage patient records don’t spend the time, effort, and funding on security that businesses do. They often neglect things like a network site survey, network monitoring, and other modern security measures. It is estimated that one out of every eight patients in the U.S. has had their medical records compromised at some point.

Why Medical Records are More Valuable Than Other Personally Identifiable Information

Aside from the relatively easy pickings hackers have with medical organizations, medical records are actually more valuable on the black market than ordinary credit card numbers or other personally identifying or financial information. Hackers go after medical records because:

  • These records contain more information, including patient and family histories
  • These records are permanent (like social security numbers, birthdays, etc.), unlike bank account and credit card numbers that can change
  • These records can be used to commit a number of crimes, including insurance fraud, tax fraud, and identity theft

Medical records sell on the black market (Dark Net) for ten to twenty times the amount that other forms of personal identity records sell for.

How You Can Protect Your Medical Organization

If you are in charge of storing, managing, or working with medical records, how can you keep those records and the patients they represent secure?

  • Start with a network security audit. This will assess your vulnerabilities and identify where you need to make changes.
  • Keep offsite copies of your data backups, and make sure that backup systems are disconnected from primary systems except when the backup process is underway.
  • Employ modern cyber security measures, including an up-to-date antivirus solution, network monitoring tools, etc.
  • Establish a response plan. Know exactly how to proceed if your systems are targeted for ransomware, data theft, or other cyber crimes.


By Tony Ridzyowski

08.18.2016
