BACKGROUND:
Quest Diagnostics has informed the SEC about a ransomware attack in August that hit ReproSource, a fertility clinic owned by the company. The ransomware attack led to a data breach, exposing a significant amount of health and financial information for about 350,000 ReproSource patients. Quest said ReproSource provided notice that it experienced a data security incident in which an unauthorized party may have accessed or acquired the protected health information and personally identifiable information of some patients.
<p>While focusing on patient care, healthcare organizations struggle to secure their patient data, as there are constant attacks against them. Most of them are profit-generating organizations and are willing to pay up, as the cybercriminals see that, they continue to target them. This type of attack is prosperous for criminals as they target the organization to pay, as well as the patients in a shame campaign, to collect as much money as possible.<br /><br />Healthcare organizations need to invest in their employee\’s education and security culture to help them spot phishing emails and other social engineering attacks to reduce the risk of attacks by cybercriminals via the human element. Critical systems such as patient data need fortifying with multi-factor authentication to reduce the risk of unauthorized access by cybercriminals when inside the networks.</p>