Healthcare Cyber-Attacks Still Going Up

Healthcare providers and government agencies across the US have seen an increase in cybersecurity breaches in recent months, exposing sensitive data from hundreds of thousands of people as the sector scrambles to find adequate defense mechanisms.

“These threats are real,” Oscar Alleyne, senior adviser at the National Association of County and City Health Officials, said  during a recent panel in Washington.

The breaches include malware attacks, computer thefts, unauthorised network access and other security breaches, according to a government database that tracks attacks in the health-care sector.

A recent trail of large-scale cyberattacks on the health-care industry exposed the vulnerability of the sector. 

Last year’s global WannaCry ransomware attack crippled parts of the UK’s National Health Service for days.

In a 2015 hack, US health insurance giant Anthem Inc. had about 79 million customers’ personal information exposed.

Along with detailed personal information like Social Security numbers, health-care hacks can include sensitive information about a patient’s medical history and treatment. In other cases, breaches can cripple a hospital or health system, preventing sick people from getting the care they need.

They can be a business risk, too.

“Of course, there’s privacy,” Axel Wirth, a technical architect at security firm Symantec Corp., said during the panel, “but there’s also intellectual property and business data. Your latest vaccine research could be compromised.”

In April, there were 42 reports of data breaches in the health-care sector, according to the Department of Health and Human Services database, which tracks cases where data from 500 or more people were affected.

That month, the California Department of Developmental Services reported that 12 of its computers, containing medical records of 582,174 people, had been stolen. A few days later, Inogen Inc., a medical-equipment company, said personal information of almost 30,000 customers was exposed after a hacker had gained access to an employee’s email account.

Costly Attacks

The attacks can get expensive: According to estimates Alleyne cited during the panel, a data breach can cost health-care providers more than $400 per patient.

“When I was a local epidemiologist, my county was 312,000-something people,” Alleyne said. “You multiply that out by records and see the significant cost.”

Anthem, the insurer, eventually agreed to pay $115 million to resolve consumer claims over its 2015 breach.

Health departments in counties and cities tend not to have sufficient defense mechanisms in place. Alleyne said only 33 percent of the local health departments in the association had plans on how to defend against a cyberattack. Only 23 conducted training on the issue, and only 8 percent participated in drills or exercises.

Information- Management

You Might Also Read: 

British NHS Sure To Be Hit By More Cyber Attacks:

5 Major US Hospital Hacks:

 

« Public Cloud Security Is A Conundrum
Powering The Future Of Artificial Intelligence »

Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

Cyberoam

Cyberoam

Cyberoam, a Sophos company, offers network security solutions, centralized security management, centralized visibility and granular control into users' activities in business networks

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

ACET Solutions

ACET Solutions

ACET Solutions delivers a wide range of Automation, Cyber Security and Enterprise IT/OT Integration Solutions to industrial clients.

Mias TSCM

Mias TSCM

Mias TSCM provides Cyber TSCM (Technical Surveillance Countermeasures) bug sweeping services.

Legal Cyber Security Expo

Legal Cyber Security Expo

Legal Cyber Security Expo is the UK’s leading event for protection against cyber attacks and data breaches in the legal sector.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.