News broke yesterday of the compromise of approximately 270,000 patient records after Med Associates suffered a data breach. The firm confirms that the breached data may have included personal details of the patients. However, the investigations are still going on about the matter. Med Associates healthcare service suffered a data breach, which may have left a large number of patients data exposed to hackers. The firm discovered some unusual activity from one of its official workstations on March 22, 2018.
Itsik Mantin, Lead Scientist at Imperva:
“In both CarePartners and Med Associates incidents, the breach occurred when data was pulled from the databases to one of their workstations.
There are no details on whether they have identified the individuals behind these breaches, but given that majority (56% according to the Verizon Breach Report) of healthcare breaches are done by insiders (employees, contractors or third-party partners), it wouldn’t be surprising if it turns out that the attackers were insiders abusing their legit access.
The healthcare industry has the dangerous combination of the most private data of their patients, estimated to be ten times more valuable for hackers than credit card, and the necessity for smooth, fast access of most of their personnel to the these patients records in order to provide the best fit treatment. Moreover, this access is made from a large number of endpoints. Not surprising at all that cyber criminals are increasingly targeting this $3 trillion industry.”