Experts Insight On Almost 40 Million Healthcare Records Stolen Or Leaked In 2019

It has been reported by the HIPPA Journal that more than 38 million healthcare records were exposed in breaches throughout 2019. October in particular was the month with the highest number of data breaches being formally reported by the healthcare sector. 28 of the incidents were caused by unauthorized access or disclosure, while 18 of them originated from hacking or IT incidents. This shows that the healthcare industry is still a target that is both appealing and easy to attack.

Commenting on the story are the following cybersecurity professionals:

Experts Comments

November 27, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Healthcare information is some of the most sensitive of personal information. While it is important to have healthcare information readily available to medical professionals, care needs to be taken that the information is not made available to criminals trying to gain access. It's not that there is a lack of data protection tools and procedures. Encryption, multi-factor authentication, data access models and such all exist. What we have is more of a lack of willingness, or awareness to.....Read More
Healthcare information is some of the most sensitive of personal information. While it is important to have healthcare information readily available to medical professionals, care needs to be taken that the information is not made available to criminals trying to gain access. It's not that there is a lack of data protection tools and procedures. Encryption, multi-factor authentication, data access models and such all exist. What we have is more of a lack of willingness, or awareness to implement strong data protection controls, in some cases for good reason. But broadly speaking this is a cultural issue, where medical institutes by and large do not consider security requirements, and do not drill in security through every role. Until we see cyber security being embedded into the culture of healthcare organisations in the same way that we try to combat the spread of germs with constant reminders and availability of anti-bacterial hand wash, we will continue to see breaches occur.  Read Less
November 26, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Healthcare information is some of the most sensitive of personal information. While it is important to have healthcare information readily available to medical professionals, care needs to be taken that the information is not made available to criminals trying to gain access. It's not that there is a lack of data protection tools and procedures. Encryption, multi-factor authentication, data access models and such all exist. What we have is more of a lack of willingness, or awareness to.....Read More
Healthcare information is some of the most sensitive of personal information. While it is important to have healthcare information readily available to medical professionals, care needs to be taken that the information is not made available to criminals trying to gain access. It's not that there is a lack of data protection tools and procedures. Encryption, multi-factor authentication, data access models and such all exist. What we have is more of a lack of willingness, or awareness to implement strong data protection controls, in some cases for good reason. But broadly speaking this is a cultural issue, where medical institutes, by and large, do not consider security requirements, and do not drill in security through every role. Until we see cybersecurity being embedded into the culture of healthcare organisations in the same way that we try to combat the spread of germs with constant reminders and availability of anti-bacterial hand wash, we will continue to see breaches occur.  Read Less
November 26, 2019
Dean Ferrando
Systems Engineer Manager – EMEA
Tripwire
To ensure patients’ care and safety, healthcare organizations must ensure that their environment is duly protected against unauthorized changes and misconfigurations, which can make their environment susceptible to a cyber-attack. Given the increased cyber-attacks against healthcare organizations, it is simply no longer sufficient to merely be compliant with security frameworks. When retaining this kind of data, it is critical to choose an encryption solution that not only protects the.....Read More
To ensure patients’ care and safety, healthcare organizations must ensure that their environment is duly protected against unauthorized changes and misconfigurations, which can make their environment susceptible to a cyber-attack. Given the increased cyber-attacks against healthcare organizations, it is simply no longer sufficient to merely be compliant with security frameworks. When retaining this kind of data, it is critical to choose an encryption solution that not only protects the database instances, but also provides protection for data in transit and at rest.  Read Less
November 27, 2019
Ilia Kolochenko
Founder and CEO
ImmuniWeb
“Considerably more health records are currently being sold via the Dark Web. Even if we ignore old dumps, duplicates and fakes, we will likely arrive at a substantially higher number. The reported number is composed of identified and reported breaches, but that is just the tip of the iceberg. Most of the breaches are, however, never detected due to their sophistication or inadequate level of cybersecurity and breach detection. "Worse, with the rapid proliferation of outsourcing and sensitive .....Read More
“Considerably more health records are currently being sold via the Dark Web. Even if we ignore old dumps, duplicates and fakes, we will likely arrive at a substantially higher number. The reported number is composed of identified and reported breaches, but that is just the tip of the iceberg. Most of the breaches are, however, never detected due to their sophistication or inadequate level of cybersecurity and breach detection. "Worse, with the rapid proliferation of outsourcing and sensitive data handling by numerous third-parties, breaches stemming from external providers is unclear but probably of immense size. Continuous security monitoring and anomaly detection, asset inventory and attack surface management enhanced with well-thought-out and properly enforced third-party risk management is crucial for an effective cybersecurity strategy.”  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts