Arizona healthcare group Banner Health has said that hackers may have accessed records of 3.7 million of its customers. Hackers could have accessed information including names of customers, their social security numbers and date of birth. An Ohio-based healthcare group was also recently targeted by hackers, who stole sensitive patient data and proceeded to leak it via Twitter. Jonathan Sander, VP of Product Strategy at Lieberman Software commented below.
Jonathan Sander, VP of Product Strategy at Lieberman Software:
Why are healthcare organisations being attacked so often recently?
“Healthcare data is attacked so often because of simple economics. In the black market for personal information, the records with the most data are the most expensive. Healthcare information usually offers the bad guys the highest concentration of personal information per record, and therefore is the stolen goods they can sell for the most money.”
Do healthcare organisations need any special/different cyber protection to other business or do the same rules apply?
“There is no special formula to protect healthcare data. Of course, healthcare does present some types of system you only find in hospitals and some situations that only occur in a place like an emergency room. But in the end the methods you would apply to protect the information would be the same, even if you may apply them slightly differently. For example, you may have a doctor walking rounds from patient to patient and that doctor will walk up to the note ubiquitous computer by each bedside to pull up the chart. Asking that doctor to log in, perhaps use multi factor, and then log out every time adds a lot of time and complexity to their job. Many hospitals have chosen smart cards or near field authentication for that reason. It’s not like those technologies were invented for this use case, but they are applied that way pretty uniquely by the healthcare sector.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.