Global Security Mag: Hacker advertises slew of alleged healthcare organisation records – expert comment

June 26 — Hacker advertises slew of alleged healthcare organisation records – expert comment

A hacker is advertising hundreds of thousands of alleged records from healthcare organisations on a dark web marketplace, including social security and insurance policy numbers, while also holding the organisations to ransom – NuData provides expert comments.

Ryan Wilk, vice president at NuData Security: “Are you worried? You should be. The number of reported healthcare breaches has been on the rise in recent years. It’s concerning that the healthcare industry accounted for 44% of all cyber breaches and attacks last year, costing the U.S. tens of billions of dollars. Medical records are worth ten times more than credit card numbers on the dark web. It’s more important than ever for the industry to get ahead of their vulnerabilities.

The industry simply isn’t doing enough to protect patient, client, agent, and other user data – from PII, to PHI, even PCI – from known, much less emerging, security threats.

It’s true that users and providers demand easy unfettered online access. These days, that means connecting and sharing data between multiple cloud-based, as well as on-premise, services and with other healthcare service providers (HSPs). Yet doing so creates risk that critical data will fall into the wrong hands either in transit or at the endpoints. This risk is not lost on users, who are still wary about their most intimate of personal information – their health records. The risk is also not lost on the healthcare providers and insurers, as they lose more on fraudulent claims. Even with this growing awareness, a culture of permissibility and sharing can still sometimes preclude basic security practice and practitioners seem unable to close the gap between expectation and reality.

For the complete article, go here.