If you’re a hacker, you’ll probably find no better buffet of valuable data than the spread currently being offered in the healthcare sector.
An already less-than-clean bill of health for the state of IT security in healthcare has given way to one of the worst breaches of the year: a hack targeting nearly 10 million patient records in the US.
According to TechSpot, a seller known as “thedarkoverlord” (that never bodes well) began listing patient details such as “names, addresses, dates of birth, social security numbers, and health insurance information” on the dark web black market TheRealDeal this past weekend.
The largest group from this 9.3 million batch of names contains 9.2 million records stolen from a large US health insurance provider, and is being sold for 750 bitcoins, or close to $500,000.
Motivation gives way to opportunity
When we asked Aberdeen Group vice president and research fellow, Derek Brink, about his thoughts on the attack, he wasn’t surprised in the least that it happened.
“From the cybercriminal perspective, the motivation is certainly clear enough: Healthcare records are valuable – even more valuable than payment card information,” said Brink.
However, while the motivations behind cyberattacks like these may not be surprising (for example, you can do a lot more with victims’ data than you can with a credit card that could be shut off at a moment’s notice), the ripe-for-the-picking opportunity inherent in healthcare is. It’s also very disconcerting.
“The opportunity for cybercriminals is probably the biggest factor,” Derek continued. “In the healthcare sector, the rate of implementing innovative solutions – such as mobile apps, cloud-based records, connected healthcare devices, and the Internet of medical things – is vastly outpacing the implementation of appropriate security measures.”
Symptoms taking a turn for the worse
Derek Brink’s take on security in the healthcare industry, released just two weeks ago (unfortunately for the victims here), should serve as a wake-up call:
IBM’s interactive infographic of publicly disclosed data breaches revealed that the health care industry represents a steadily growing percentage of all data breaches. It has risen from 5 percent in 2013 to 8 percent in 2014, 9 percent in 2015 and 15 percent in the first half of 2016 (through June 1).
What is the right cure?
So, how can healthcare companies combat this negative trend in data, especially in the face of yet another breach? According to Brink, it boils down simply to making things happen.
“The modern healthcare organization needs to be aware of its risks, develop a security strategy for how much risk it’s willing to accept, and invest in a more mature set of capabilities for linking strategy with execution,” said Brink, who mentions that the strategy here can include stronger identity governance and more effective use of data and analytics.
“We can predict with confidence,” cautioned Brink, “that unless the organization’s leadership does this, symptoms will only continue to grow worse.”
With this latest attack, that prediction couldn’t be more accurate: The symptoms have already worsened for an industry about to flatline in regard to its security practices.