Cyberespionage has dominated the headlines recently. Investigations are ongoing into the degree to which Russia may be responsible for hacks into various systems in pursuit of embarrassing information on certain politicians. It also appears that governments are not limiting their efforts to collect data on individuals to hacking email systems.
The Department of Insurance for the state of California revealed this week that it believes that the breach of over 78.8 million healthcare records belonging to the Anthem healthcare company was carried out by a foreign government.
Healthcare records have been a favorite target for cybercriminals for years. A recent report published by TrapX, a provider of tools to combat cyberattacks using deception techniques, concludes that 93 major healthcare cyberattacks reported in 2016 represent a 63 percent increase over the previous year. Furthermore, the report concludes that sophisticated attackers are now responsible for 31 percent of all major data breaches reported under the requirements of the Health Insurance Portability and Accountability Act.
A healthcare record is worth a lot more than credit card data because armed with healthcare data, it becomes a lot easier for criminals to create a fake identity. Obviously, espionage agencies belonging to various governments have an interest in being able to create fake identities as well. In addition, those agencies are probably trolling for sensitive data relating to the health of government officials. Knowing a government official has a heart condition or an addiction to a specific substance can be useful in any negotiation.
Of course, it’s hard to know exactly how stolen medical data is being employed until someone discovers their identity has been stolen. The processes associated with regaining control over one’s identity are anything but simple, so it often turns out that stolen medical data is only the beginning of a trip down the bureaucratic rabbit hole.
The healthcare industry doesn’t have the greatest reputation for being able to secure data. Just this week St. Jude Medical, a unit of Abbott Labs, released a series of updates designed to correct security flaws in its medical devices. But things are getting better. The Healthcare Information and Management Systems Society (HIMSS) has set up a Cybersecurity Command Center to educate IT personnel on best practices concerning data security. Meanwhile, IBM and the U.S. Food and Drug Administration (FDA) revealed they are collaborating on a research project to examine how blockchain technologies might be employed to better secure healthcare data. It’s little wonder that IT professionals in the healthcare sector rank security as their top priority for 2017.
Unfortunately, the average IT department in a healthcare organization now finds itself combatting both organized cybercriminals and espionage agencies. The latter are particularly troubling because they have access to the kinds of tools and resources required to launch attacks at scale. In fact, while the Anthem breach might be the largest breach ever publicly acknowledged in the healthcare industry, it’s probably only a matter of time before an even larger breach gets discovered.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.