Researchers with threat protection company Bitglass are reporting that healthcare breaches reported in 2020 increased to 599, a jump of more than 50% compared to the previous year (386). Most of the breaches were caused by hacking and IT incidents, which exposed data from 24.1 million individuals, making them vulnerable to identity theft and phishing attacks. Experts with Gurucul & YouAttest offer commentary.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>The attack on medical institutions for health care identity data has reached crisis proportions. The information is coveted by hackers because of the valuable PII (personal identification information) that can be used to create lines of credit and other valuable financial instruments. </p> <p> </p> <p>The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that enforces federal civil rights laws has been issuing substantial fines for not adhering the practice and procedures outlined in the HIPAA regulations. These include: $2.3m fine to Community Health Systems for a 6.1m data record breach and a $6.85m fine to Premera for a 10.4m breach in records. Both were cited for failures concerning risk management and access controls.</p>
<p>The recent Healthcare Breach report highlights what security professionals have been saying for a while – healthcare is at serious risk from cyberattack. From an attacker\’s perspective, the healthcare industry is ripe for data theft, ransomware, and hybrid attacks. The industry faces a number of challenges as well, between internet connected medical devices that vendors aren\’t patching, to healthcare workers who are prime targets for phishing and social engineering, and complex IT and data systems that need to simultaneously comply with HIPPA and related regulations while being able to easily share data across organizations.</p> <p> </p> <p>Organizations need to review their cybersecurity policies, training regimens, and security stacks to make sure they\’re up to date and able to deal with the challenges they face.</p>