Phoenix-based Banner Health was hit by the biggest healthcare breach of 2016, potentially affecting 3.7 million people.
The cyber attack was initiated on June 17.
Potential compromised information included patient names, addresses, birthdates, physician names, dates of service, clinical information, health insurance information and social security numbers.
A report by digital security company Gemalto’s,“Data Breach Index for the first half of 2015” – cited in a report by the Institute for Critical Infrastructure Technology in January 2016 – revealed the healthcare industry was the most targeted sector (out of the 16 critical infrastructure sectors).
It highlights, according to a 2012 SANs institute report that 72% of malware traffic targeted healthcare providers in the US.
>See also: How big data is transforming healthcare
The problem has not alleviated, and the report states “since 2009, the annual number of cyber-attacks against the healthcare sector has drastically increased; often the number of attacks exceeds the previous year’s count by at least 40%.”
Why are hackers targeting the healthcare sector?
The main reason for healthcare providers' vulnerability is that they did not start to seriously invest in cybersecurity until 5 or 6 years ago.
This means they are in the relative ‘dark ages’ when it comes to protecting their patients and staffs personal information.
Larger healthcare organisations – those that have more sensitive data – have recognised this threat and have begun investing heavily in cyber security.
They have access to the “resources – people, technology, budget and third-party experts – to prevent hacking in the first place”, according to Mark Dill, principal consultant at consultancy firm tw-Security.
This means 2016 has seen a trend of smaller healthcare organisations being targeted.
Dill remarks that “smaller organizations may struggle to adequately protect PHI [permanent healthcare insurance] because of inadequate resources”.
The most likely cause for such attacks is desired access to; payment card data, “payment card areas of the food and beverage networks [cards used at 27 food and beverage outlets between June 23 and July 7 may be affected by the Banner Health attack], the electronic medical record systems, and every other part of the internal network including email and database systems”, according to John Christly, CISO, Netsurion – a provider of remotely-managed security services for multi-location businesses.
A major problem is that because of the fairly ‘primitive’ nature of healthcare providers cyber security malware can remain undetected for months, feeding of a continuous stream of data and private information.
In this scenario Christly explained that “they can steal massive amounts of data from various systems they find on the network…they may even go as far as leaving back-doors in place to allow for continued access, even after the initial hack is stopped”.
How to move forward for the healthcare sector?
After an attack, preferably before one, it would be necessary to find a third party vendor that could design a specific, and security network that could be managed externally.
Christly suggests, “it would be ideal to have file integrity monitoring tools, security information event management (SIEM), and integrated threat intelligence data”.
Healthcare systems seem to be the most vulnerable to cyber attacks.
Unfortunately, their servers also contain the most sensitive and concentrated amount of personal data.