Medical Data Has Become the Next Cybersecurity Target

everything possible/Shutterstock.com

The health industry is not immune to cyberattacks.

Hackers often carry out massive cyberattacks to gain access to financial data throughbanks and retail companies, but this week's cybercrime hit a seemingly new target: medical data, taken from the health insurance company Premera Blue Cross. The attack affected 11 million patients, making it the largest cyberattack involving medical information to date.

The healthcare industry has been catching hackers' attention lately.

In February, the health insurance company Anthem reported a breach in which hackers accessed to about 80 million records, and in 2014, the Tennessee-based hospital operator Community Health Systems saw 4.5 million records accessed, though both companies said no medical data was exposed.

Even so, as Pat Calhoun, the senior vice president of network security at Intel Security, puts it, the healthcare industry is just beginning to find itself in cyber-criminals' crosshairs, making it slow to shield people's records.

"The healthcare industry is not immune to attacks," he told me. "It's really a wake up call for manufacturers and healthcare providers to understand how to minimize the impact on security challenges."

Calhoun points out that healthcare breaches aren't unheard of: In fact, according to Intel Security and the Atlantic Council's latest report on cyber risks, about 44 percent of all registered data breaches in 2013 targeted medical companies, with the number of breaches increasing 60 percent between 2013 and 2014.

Those numbers may seem larger than expected—how often do healthcare breaches make the news?—but Calhoun tells me that these reported medical-company breaches happen on smaller scales, affecting far fewer people than attacks on banks and government data.

Still, hospitals and insurance companies aren't necessarily more vulnerable than banks and government entities. Miten Marfatia, the CEO of the IT solutions provider EvolveWare, tells me that no matter what industry, vulnerability depends on the type of systems they have.

"The older the system, the more vulnerable it is to cyberattacks," he says. The fix to this seems obvious—update software regularly to prevent breaches—but not enough healthcare companies understand the issue.

"Advanced cybersecurity defenses are still a relatively new idea to many healthcare organizations," said Greg Kazmierczak, the CTO of data-security company Wave Systems Corporation. "Big banks and large financial firms, on the other hand, have been dealing with these issues internally and in the public eye for the past decade or so with the large-scale breaches of JP Morgan and Bank of America."

In other words, as more attacks happen, more victims will beef up their cybersecurity. So, with the Premera breach, it's the healthcare industry's turn to rethink data security.

Medical data is also becoming a highly lucrative target. "Financial data has always been a priority, because it's low-hanging fruit," Calhoun says. "But over the past couple of years, we've identified that medical information has a higher value on the black market than credit card information."

This, he says, has more to do with what a person whose data has been accessed can do. When it comes to financial data or stolen credit cards, for example, people can take steps to cancel their cards and prevent identity theft. With medical data, no such contingency plan exists, as companies continue to figure out how to respond both quickly and efficiently to cyberattacks.

For now, both Anthem and Premera have consulted the cybersecurity company FireEye Inc. to investigate their vulnerabilities. Laura Galante, FireEye's threat intelligence manager, told me that as more of these breaches occur, healthcare insurers have gained, as she puts it, "a new appreciation for advanced threats intent on compromising their networks."

Yet it's not just about fortifying security against potential hackers, she says. Replacing or updating security systems is important, but when these data breaches occur, they test patients' trust in the healthcare industry. This means that hospitals and health insurance companies need to better communicate to their patients and customers about how their medical data is protected in the first place.

"Historically, companies have to be adept to buying the latest technology," Galante said. "But this problem goes beyond that."

(Image via everything possible/ Shutterstock.com)

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.