The healthcare industry has taken a major beating in terms of cyber security attacks. In the past two years, there has been a myriad of breaches, compromising the personal health information (PHI) of millions. According to the Identity Theft Resource Center, 42.5 percent of all data breaches were in the healthcare industry. The Center also reports that 91 percent of all healthcare companies reported that they had at least one data breach over the last two years.[1]
Despite the efforts of HIPAA regulations to enforce the privacy of patients’ information and the security of their medical records, many studies have shown a surge in data breach cases. Specifically, one study in the Journal of the American Medical Association analyzed the Department of Health and Human Services database on HIPAA disclosures of the loss of PHI affecting more than 500 individuals from 2010 – 2013. This study found that there were 949 breaches during that time, affecting a total of 29 million records. That trend continues to worsen. Earlier this year, Anthem announced they had been breached, which impacted the records of approximately 80 million people.[2] It was followed by data breaches at CareFirst BlueCross BlueShield and Premera BlueCross BlueShield.[3]
Why are hackers targeting the healthcare industry?
First of all, healthcare data is targeted because the information is extremely valuable. It’s valuable because it contains an individual’s personal health information (PHI), identity information (such as date of birth and social security numbers), and may also contain financial or credit card data. All of this data can be used to steal identity and that can potentially ruin the financial lives of those affected.
Secondly, there is a lag in implementing updated technology which creates a consistent challenge for these organizations. The environments of healthcare companies have highly demanding IT infrastructures and networks, where perimeters are no longer well defined. Threats grow more intelligent every day and CIOs need to define the right way to protect their healthcare organization within the modern and ever-evolving threat landscape. Our growing dependence on connected medical devices has also provided an expanded and vulnerable attack surface. For these reasons, healthcare companies are prime targets for cybercriminals.
Healthcare is a profoundly complex, multifaceted ecosystem that demands advanced protection from sophisticated cyber threats. This means that integrated solutions are needed to protect against advanced persistent threats and zero-day attacks, and at the same time, help the organization uphold HIPAA and PCI DSS compliance while also maintaining complete visibility into operations with centralized security management.
There is a wide proliferation of point security products available throughout the industry. However, most of those products tend to be reactive and tactical in nature rather than solutions oriented. We believe that companies need a centralized, integrated approach.
So, how do you accomplish this? It starts by understanding the need for cyber security that extends beyond traditional anti-virus software and multiple compliance checklists. Today’s healthcare organizations need a single solution that combines high performance network security devices with real-time proactive protections. You need highly intelligent technology that keeps up with the threat landscape – technology that can detect and block both known and unknown threats, as well as comply with regulations and give you complete visibility into the security operations of your company.
We can help. To find out more about Check Point’s solutions for healthcare, please visit our website at http://www.checkpoint.com/products-solutions/healthcare/ and schedule a free security checkup.
[1] “Identity Theft Resource Center Breach Report.” Identity Theft Resource Center Breach Report. N.p., 12 Jan. 2015. Web. http://www.idtheftcenter.org/ITRC-Surveys-Studies/2014databreaches.html
[2] Shahani, A. (2015 February 13) The Black Market For Stolen Health Care Data. NPR All Things Considered. Retrieved from: http://www.npr.org/sections/alltechconsidered/2015/02/13/385901377/the-black-market-for-stolen-health-care-data
[3] Kuranda, S. (2015 July 27) The 10 Biggest Data Breaches of 2015 (so far)
http://www.crn.com/slide-shows/security/300077563/the-10-biggest-data-breaches-of-2015-so-far.htm