Overwhelming Cyber Attacks On Healthcare

Uploaded on 2016-10-19 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

US Healthcare organisations are struggling to find ways to manage the risks of massive data breaches, which have proven hard to detect, often taking months to discover.

In 1996 the US Health Insurance Portability and Accountability Act (HIPAA) was enacted. The Accountability portion of the law requires that healthcare providers protect the privacy of patient health information and includes security measures that must be followed. Provider success has been mixed and has recently come under intense scrutiny due to the number and size of reportable breaches of health information.

There are several major contributors to this increase. The first is the passage of the American Recovery and Reinvestment Act of 2009. The ARRA included the formation of the Health Information Technology for Economic and Clinical Health Act (HITECH). It also made permanent the Office of the National Coordinator for Healthcare Information Technology (ONC) to set policy and standards and establish procedures to guide and measure the success of the implementation of electronic health records.

Creating EHR systems requires storing a large amount of confidential patient information in multiple information systems and allowing thousands of users and other systems to access those databases.

Adding to the difficulty of securing this data is the increasing number of criminal attacks and HIPAA violations because of the rising value of health information. For many criminals, credit cards had been the target of choice. However, the value of a credit card is brief, as all transactions can be stopped immediately after the bank is aware of suspicious activity.

By contrast, the value of a medical record can be worth 30 times the value of a credit card on the black market. The reason is that the health records contain enough information to create a complete identify for the purpose of opening accounts, obtaining loans, creating passports and stealing healthcare services. The most valuable records include expired patients where identify theft may not be discovered for years.

In 2016, the Ponemon Institute reported that during the last two years, 89 percent of all hospitals reported to the Office of Civil Rights at least one data breach, and 79 percent reported two or more. Many in the industry believe that almost every hospital has experienced multiple breaches.

In the battle to protect health information, many providers are simply outmanned and outgunned by the sophistication and resources of hackers. Some healthcare organisations experience thousands of attacks daily, some of which are likely to succeed in penetrating the perimeter defenses. Once inside, hackers have increased opportunity to steal user credentials that will move them up the security ladder and into the data systems that contain the most valuable information

After enough credentials are collected, it is simply a matter of slowly withdrawing information without triggering alerts. Ponemon reported in 2016 that it takes an average of 226 days to discover a breach and 69 more days to determine how it occurred and to stop the flow. It is safe to assume that after nearly ten months of access, there is little information left for the hacker to steal.

In addition to criminal hackers, hospitals must also contend with staff members using their credentials in an unauthorised manner. There are many reported instances of staff accessing records of co-workers, family or neighbors. The most publicized violations are stealing and selling celebrity health records to the media.

When a staff member is offered thousands of dollars for a single record, they may believe it’s worth the risk of being caught.

HealthDataManagement

 

« Women Suspected To Attempt Next Terror Attack
Stolen NSA Hacking Tools For Sale In Bizarre Auction »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Zurich

Zurich

Zurich is a leading multi-line insurer providing a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

BitRaser

BitRaser

BitRaser serves your needs for a managed & certified data erasure solution that can support internal & external corporate audit requirements with traceable reporting.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

National Cyber Security Authority (NCA) - Saudi Arabia

National Cyber Security Authority (NCA) - Saudi Arabia

The NCA is the government entity in charge of cybersecurity in Saudi Arabia and serves as the national authority on its affairs.

Vaadata

Vaadata

Vaadata are experts in ethical hacking. We secure your web, mobile and IoT platforms.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Conosco

Conosco

Conosco are industry-leading experts throughout the UK in strategic consulting, project delivery, business communications, support, and security.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

Applaudo

Applaudo

Applaudo specializes in helping the world’s most admired brands optimize their IT solutions, reduce delivery costs, and accelerate their digital transformation.

Astra Cybertech

Astra Cybertech

At Astra Cybertech, we're more than just cybersecurity experts - we're your partners in safeguarding your digital assets.