The New Pandemic: Healthcare Data Breaches

Assaults on healthcare organizations aren’t likely to abate any time soon.


Exposed medical data can cost healthcare companies millions of dollars in federal and state fines, civil actions, corrective action plans, credit monitoring, ID theft, and lost business from current and future customers.

HHS’ Office for Civil Rights can impose civil penalties up to a maximum of $1.5 million annually in cases involving failure to comply with privacy and security rules, and criminal violations can result in prison terms. In 2016, Advocate Health Care Network paid $5.5 million in fines for multiple violations that jeopardized electronic health records of more than 4 million patients.

Healthcare organizations are a favorite target of cyber criminals due to the nature of personally identifiable and personal health information stored in databases. These are lucrative targets that provide criminals with opportunities for identity theft, financial fraud, and falsified drug prescriptions.

Held for ransom

Another opportunity for criminals is ransomware, which locks up infected computers and can spread to other networked devices, disrupting normal operations ranging from records access to scheduling operations.

The assaults on healthcare organizations aren’t likely to abate any time soon.

“After two years of a steadily increasing cyber threat landscape that resulted in record numbers of patient records compromised, health organizations extorted financially, and hospital operations disrupted very publicly, 2017 is likely to be just as interesting,” predicts a Health IT Security perspective. “Hackers will continue to go after networks, systems, and applications that have been misconfigured or are not maintained properly.”

In light of the Spring 2017 WannaCry assault that shuttered large portions of the UK’s National Health Service, IT security professionals have awoken to Internet-borne cyber threats such as phishing attacks.

Many organizations, though, may not have adequately prioritized endpoint security, which can be exploited by a physically present hacker. Any connected intelligent device is a potential gateway for cyber criminals.

“All medical devices face a certain amount of cybersecurity risk,” a recent Health & Human Services cybersecurity task force report advised. “The risk of potential cybersecurity threats increases as more medical devices use software and are connected to the Internet, hospital networks, and other medical devices. This connectivity also improves healthcare and increases the ability of healthcare providers to treat patients.”

Physical interference

Many healthcare organizations may not realize that printers can be a physical insertion point for malware that can be used to exploit enterprise networks. For an eye-opening view of how such an exploit could lead to massive exposure of electronic records, watch Christian Slater’s hacking portrayal in episode 2 of HP’s The Wolf.

Fortunately, there are steps you can take to protect your organization from such threats. Printing technology from HP provides security protections such as encryption, configuration administration, and BIOS and firmware protection. But the best technology won’t protect you from inadequate security policies. It’s important that healthcare organizations establish requirements for unattended devices, implement and enforce access authorizations, and monitor usage.

To learn more, go to HP Print Security.


Copyright © 2017 IDG Communications, Inc.