Repeat Offender

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

It’s a Fact
When you search for cyberattacks by vertical, always in the top categories is healthcare. It can be filtered from there by the size of the business, whether it is enterprise or small to medium-sized establishments, but the information targeted is patient data.

Why?

Because who knows more personal information about you than your doctor? Likely, no one. And if that data can be accessed, it can be like opening a treasure chest of data to a hacker. So many ways to manipulate that data, it can be an endless source of income via ransomware or sales on the dark web.

Back for More
With outdated and unsupported systems allowing easy access for hackers, the amount of PHI uncovered in a simple breach makes it a jackpot find. Not only are technical security gaps an easy entrance for cybercriminals into healthcare organizations, but poor employee cyber-hygiene makes it incredibly easy for hackers to find their way in. Once these databases go for sale on the dark web, they are then used AGAIN by other cybercriminals for a second round of attacking whether it be by selling the patient data or using administrative credentials to login and hit the network with another breach.

This activity is not limited to US-based hackers either. Foreign-based hackers have been found to target US healthcare networks in an attempt to blackmail them, as well as gain access to research data. Not only does this pose a threat to the patient data, but to the United States medical industry in a different way. If advances in treatment, prescription solutions, or any type of research is stolen and credited to another business entity or country, US-based businesses will suffer that loss financially or from lack of recognition.

What’s the Remedy?
Raising awareness, updating equipment, networks, software, etc. and addressing the risk of biomedical devices before they are in place – all are necessary. We also need to continually address the human factor within healthcare organizations as it is proven time and time again that this poses one of the highest risks to any breach occurring.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.


HIPAA Secure Now! suite of subscriptions offers an extensive list of tools to provide ongoing training, assessment, moderation activities and more to support an organization’s privacy and security efforts. Subscriptions also support the process of conducting an annual Security Risk Assessment to meet MIPS and Promoting Interoperability requirements.

The subscriptions work for organizations of all sizes, both Covered Entities and Business Associates. All are priced at a flat annual fee, based on number of employees, for a full 12 months. All include a discount if purchased through us.

EXPLORE SUBSCRIPTION LEVELS HERE

If your organization has more than 50 employees, or if you’d like to schedule a demo or you just want to get a couple questions answered, take a few seconds to complete this form and we will get back to you.