Hacked. A phrase that will be more commonly associated with ‘hospital’ in the coming years as hackers attack weak hospital infrastructures for high value patient records. How frequent? According to data published by U.S. Department of Health and Human Services, the health care industry has averaged close to four data breaches per week in 2016.
See the Breach Portal for up to date reported breaches.
Four per week – think about that. And there are no signs of this slowing down.
In February, Hollywood Presbyterian Medical Center made national headlines when hit with a ransomware attack – asking for $3.6M or 9,000 bit coin. This attack effectively shut down hospital operations and required patients to be sent to surrounding hospitals for care.
In March, 21st Century Oncology, which operates 145 cancer treatment centers in the US, reported a loss of 2.2M records to a security breach. This hack occurred in November 2015, but the FBI requested a delay of notification to not interfere with its investigation.
What is Next for Hospital Security?
For hospitals, the challenge lies in connecting many devices to a shared network – with ease of connectivity taking priority. Ease of connectivity doesn’t need to result in an unsafe network. While compliance with HIPAA’s technology requirements are a good start, hackers can attack by a number of methods:
- Brute force.
- Social engineering.
- Malware laden email attachment or external links.
- Unsecure VoIP phone systems.
- The list goes on. [space height=”20″]
Is your network and Electronic Medical Record (EMR) system adequately prepared for an attack?
Why the Zero Trust Model Matters for Health Care
Too often, network security focuses on preventing attackers from getting in, with little planning done for contingencies once a hacker gets into your network. Modern firewalls and security software are passive – once a behind the security wall the hacker can do as they please. The Zero Trust Model from CyberGRC changes that model completely. Our active monitoring system and security protocols identify hackers in real time and before they steal your patient’s personal information.
A hacker will sit unnoticed within a network for an average of 6 months!
The threat of a cyber security breach is real for healthcare – but there is still time to prevent significant data and financial loss. Let CyberGRC provide you with a detailed evaluation of your network with a Penetration Test – not only showing you where the gaps are, but also how to fix them. Start protecting your network today!