Cybersecurity experts Matan Or-El and Leon Lerman commented on recent news of yet another healtcare data breach, this one a ransomware attack at the Redwood Eye Center in California.
Matan Or-El, CEO at Panorays:
“As healthcare organizations integrate more third-party software and systems, their risk increases as well. The Redwood Eye Care Center found this out when its EMR hosting vendor was hit with ransomware, exposing the personal information of more than 16,000 patients. Healthcare information is a popular target with cybercriminals, as it sells for high prices on the dark web. Even though Redwood Eye Care Center has changed vendors, this could happen again. That is why healthcare organizations need to continuously monitor the security of all their third-party vendors to detect any changes in security and react quickly.”
Leon Lerman, CEO at Cynerio:
“In the 2018 HIMSS Cybersecurity Survey, more than two-thirds of healthcare leaders admitted to face a significant security incident in the last year. This strongly shows us that attackers continue to find ways into the hospital’s network and it’s inevitable for the initial infection to happen – organizations need to make sure they have the right controls in place to detect the attack on time and stop the spread before a significant damage is done. This includes adding Visibility, detection and protection capabilities to areas to which the providers are typically blind to – like connected medical devices & their ecosystem which attackers use as a gateway to the hospital’s sensitive data.
The increased resources to address cybersecurity needs is a step in the right direction, as one of the main reasons healthcare is among the top targeted industries by hackers is its lax security posture which hackers leverage to put their hands on sensitive patient data which is still one of the most profitable assets on the black market , providers will need to leverage the resource increase to deal with the growing number of security risks, which include not only the traditional infosec risks but also healthcare specific emerging risks – like the risk associated with the increased introduction of connected medical devices.”