Attackers targeting the healthcare industry has been a common trend over the past few years, with over 91 million records being compromised in the largest healthcare breaches to date: Premera & Anthem BlueCross BlueShield.
According to Bitglass’ 2016 Healthcare Data Breach Report, 98% of records leaked last year were due in part to these large-scale breaches targeting the healthcare industry. These findings come from the U.S. Department of Health’s online database that requires breach disclosures by organizations as a part of the Health Insurance Portability and Accountability Act (HIPAA).
Protected Health Information (PHI) includes very sensitive information like social security numbers, medical records, and dates of birth, which according to the Ponemon Institute are sold on average for $363 on the black-market.
Unlike credit card breaches where those affected can simply terminate all fraudulent transactions and are protected by law, victims of PHI data breaches have little to no resources and are generally not promptly informed of their data being compromised.
Each time access is provided to healthcare data, the potential for loss of privacy & integrity increases. With that being said, healthcare organizations need to embrace state-of-the-art data security solutions and meet security & compliance requirements so avoid being the next victim of a large-scale attack.
The healthcare industry needs to step up to the plate and implement best in class breach prevention and detection solutions to ward off cyber-criminals and protect the medical credentials of its consumers. Having solutions in an organization's IT environment that can detect the presence of malware and ensure hardening measures and user access controls are being enforced will help better protect the sensitive data that make up the healthcare sector.
Any drift from configuration or breach activity needs to be alerted in real time, and with solutions with Breach Detection and File Integrity Monitoring, your organization will be able to monitor any activity within sensitive files and alert you if and why a breach occurs.
In January of 2015, Anthem discovered they had fallen victim to a cyber-attack to its IT systems. The Anthem Insurance data breach is the largest healthcare data breach in history, leaking over 78.8 million patient health records, roughly one-third of total Americans. The breach impacted both current and former members as well as 19 million rejected customers. The information compromised during the attack includes: names, Social Security numbers, Birthdates, healthcare ID numbers, home addresses, email addresses, and employment data, including income data. The information compromised was also not encrypted, leaving almost 80 million individuals at risk of identity theft. The attacker is currently still unknown, but the investigation is still ongoing.
The Premera Health breach which was discovered at the end of January is the second biggest healthcare data breach of this year. This particular breach impacted Premera BlueCross, Premera BlueCross BlueShield of Alaska, and affiliated brands Vivacity and Connexion Insurance Solutions. Premera was able to spot the attack in January, but unfortunately, the initial breach occurred in May of 2014. Sensitive information was leaked including: Applicants and members names, birth dates, email addresses, phone numbers, Social Security numbers, member ID numbers, bank account information, claims information and clinical information were all possibly compromised.
Read this article on InfoSecurity Magazine