Healthcare industry needs treatment to improve data security
The healthcare sector collects a lot of detailed information about its clients and that makes it a prime target for cybercriminals.
A new report from SecurityScorecard confirms this, aggregating data from a number of different sources it reveals that healthcare remains the most breached industry.
"Electronic Personal Health Information (ePHI) and Electronic Medical Records (EMR) contain all the most valuable information that a malicious actor can sell on the dark web," say the report's authors. "Name, birth date, social security number are only the tip of the iceberg -- even low skilled fraud actors are able to easily monetize such information. However, the additional data points of EMR and ePHI include financial records, health insurance information, and all the aggregate information needed to exponentially increase the value of the data -- everything from low level identify theft to advanced insurance fraud is made possible when the prolific amount of hacked data available on the internet underground."
Increases in attacks across the board for the healthcare industry indicate that malicious actors target every potential vulnerability to obtain the valuable records stored by providers. Attacks against physicians' offices and smaller healthcare clinics are also on the rise compared to insurance companies, pharmacies, hospitals, and colleges.
Malicious actors increasingly target small networks in order to stay under the radar, as larger enterprises may be more security aware and are on the look out for malicious activity. This is a similar pattern to that seen in the finance sector, where attackers have switched away from large, well secured, banks to smaller organizations.
Part of the problem for healthcare organizations is that they often need to share data with others such as laboratories and specialists. They therefore need to balance this against keeping data secure.
You can find out more on the SecurityScorecard site.