Hackers hit the health care industry hard in 2015. According to the Identity Theft Resource Center, there have been over 250 data breaches executed against organizations in the medical and health care sectors. The most notable cyberattacks were conducted against Anthem, which affected nearly 80 million customers, Primera Blue Cross, which affected 11 million, and Excellus, which resulted in protected health information of approximately 10 million people being compromised. Fallout for these companies came in the form of free identity protection services for affected customers, legal damages and more.
Part of the catalyst for the ever-increasing number of cyberattacks is the volume and skill of modern hackers. However, weak cybersecurity also has a hand to play in the bevy of breaches that have been orchestrated against companies in the health care sector. Studies suggest that if these companies do not bolster cybersecurity soon, 2016 may be a year for the hacking record books, even worse than what was seen and experienced in 2015.
A grim year ahead for health care companies
Cybercriminals have been well-aware of the value of health records for some time. Personal information such as Social Security numbers, credit card numbers, names and addresses can be sold on the Dark Web and used for fraudulent activity and identity theft. As more of these records are digitized and stored online, and as telemedicine continues to develop, the digital bull's-eye on health care companies will only get bigger.
"The bull's-eye on health care companies will only get bigger. "
Even institutions that adhere to HIPAA compliance standards are at risk. Hackers continue to find cracks in seemingly ironclad cybersecurity solutions, and as more health records go online, they will go after the jackpot with greater ferocity than ever before.
In 2016, the research firm IDC has estimated that around a third of all health care records will be stolen. Even when accounting for the growing number of cyberthreats, IDC stated that deficient cybersecurity will ultimately be the reason so many cyberattacks will be successful. Despite stringent compliance measures put in place by HIPAA, many health care institutions continue to negate best practices, which often results in hefty settlements.
"Frankly, healthcare data is really valuable from a cybercriminal standpoint. It could be five, 10 or even 50 times more valuable than other forms of data," said Lynne Dunbrack, research vice president for IDC's Health Insights, according to Computerworld.
Create well-rounded defenses with Managed SIEM
Not enough organizations have accepted the inevitability of a data breach as fact. As long as this is the case for health care institutions, health care records will continue to become loot for hackers. Therefore, it is essential to have a plan for when a data breach occurs, and the first step in this plan is being able to detect the breach early.
The more time a hacker has inside the network, the more information said hacker can pilfer. This may seem like common sense, but all too often businesses are blindsided by hackers who have managed to move unhindered within a network once they've snuck past the guards. Catching a cyberattack early can mean the difference between cybercriminals getting away with a handful of information versus 78 million health records.
By tasking cybersecurity professionals with monitoring network traffic, SIEM-as-a-service helps organizations sniff out suspicious activity within the network. Because SIEM services are now cloud-based, they can be easily deployed at an affordable price. This makes them ideal for enterprise-size health care institutions as well as midsize organizations – which are still highly prized targets for cybercriminals. The only way to truly defend the network inside and out is to take an all-encompassing approach to cybersecurity – one that incorporates managed SIEM.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.