Accenture has issued findings this week indicating that one in four US consumers have had their healthcare data breached, according to a survey of more than 2000 US consumers. Cybersecurity experts respond, offering perspective:
Willy Leichter, VP of Marketing, CipherCloud reacts: "These startling results demonstrate the extent of the epidemic of personal data theft. While most healthcare providers are sensitive to HIPAA compliance in terms of access to physical medical records, clearly their cybersecurity defenses are not keeping pace with well-organized and technically savvy hackers."
Brian Laing, VP Products and Business Development, Lastline says: "Cyber criminals are patient and very good at building dossiers on prospective victims. They start with a data breach that gives them a foundation of details, and then they persistently add to it until they’re able to perpetrate profitable crimes, such as receiving medical services or buying prescription drugs using someone else’s identity and credentials. Healthcare providers can protect their patients by preventing the initial breaches, which most frequently start with malware penetrating their defenses from email attacks, browser-based exploits, and employee’s personal devices that were previously infected. Providers that implement malware detection systems, especially those based on detecting malicious behavior instead of relying on signatures and are therefore are unable to recognize zero-day attacks, will be well prepared to protect their clients' confidential PII."
Jeff Hill, Director, Product Management, Prevalent, remarks: "The results of the Accenture report will come as no surprise to cyber security professionals. Stolen medical records can command orders of magnitude more money than stolen credit card numbers on black markets, making them prime targets for cyber criminals. Unlike a credit card that can be easily cancelled, medical records include social security numbers, birth dates, prescription and medical history, insurance data, and other tantalizing information that can be leveraged in multiple nefarious ways, including lucrative Medicare and insurance fraud. With a nod to Willie Sutton, cyber criminals are targeting medical records simply because that’s where the money is."
Rod Schultz, VP of Product, Rubicon Labs, adds: "It’s important for the public to realize the value of their medical data. A stolen credit card or bank account number has a very well understood and effective containment procedure that pinpoints the compromised account, invalidates the number and issues a new one. Stolen medical records, especially those that contain social security numbers, are better thought of as a form of digital cancer that may never be fully contained. The connecting of medical devices to a network will create a truly vast new pool of targets and expand the revenue-generating attack surface for hackers. Illegally-obtained data will be processed with the same AI and deep learning tools that legitimate cloud services now harness, and organized crime will evolve, innovate and build new businesses on these stolen records, making IoT security one of the crucial health data issues of our time."