Tag: information security

Healthcare Hacking Profitability and Prevention

By Ken Lynch, founder and CEO, Reciprocity Labs.

Ken Lynch

For decades now, hackers have been cashing in on financial data. The routine has been constant. A hacker finds their way into a site, steals financial information belonging to the site’s visitors then uses their personal information to create fake credit cards. These are then used to steal money from unsuspecting individuals. However, this trend hit a snag once financial institutions found ways of stopping such activities. This was frustrating to these intruders considering that most times, their efforts were rendered futile after the cards they made are blocked.

These people then discovered a new cash cow that allows them to reap money from insurance companies. Typically, hackers get as little as $1 for one credit card, which is a meager payment for such a dangerous job. However, healthcare information pays well in that they create counterfeit health insurance cards, then make cash claims in fabricated hospitals. Considering that the demand for this data is high, healthcare data attacks have been on the rise, targeting several hospitals, and they have managed to affect over 11 million people.

How do you keep your data safe from these online breaches?

With such high stakes, each hospital needs to come up with security measures that ensure their data is always safe. Look at some of the possible ways you can secure your information.

Asses the risks

You cannot solve a problem if you are not aware that it even exists in the first place. Check for loopholes that leave your hospital vulnerable to these attacks. For instance, a hospital with few employees leaves specific sectors such as the IT section unmanned, which makes them susceptible to being attacked. You must approach this by looking at the most sensitive areas of a company and find out the consequences that you may face if your data is stolen.

Appraise all agreement with business partners, vendors and client every year

Know the type of information that the people and entities you interact with access. Learn what your contract entails and review the speculations regularly. Long before new laws were formed, third-party companies never had any agreements with any of their partners. Whenever they got a hold of information, it was up to them to know what they wanted to do with such intel. In this era, such loopholes can lead to massive scandals, which is why you need to evaluate every past action and put stringent measures to ensure anyone who encounters sensitive information knows the implications of going against the agreement. Do not give a lot of authority to vendors and ensure that they sign privacy policies that bar them from sharing or using private data.

Continue Reading

Hacking Healthcare Reminds Us of Our Need to Assess Vulnerabilities

Bill Balderaz, president, Fathom Healthcare.

Bill Balderaz
Bill Balderaz

In light of the recent hacking healthcare news in which of health insurer Anthem, hospitals and health systems should be reminded of the need to assess their own vulnerabilities. Historically, healthcare organizations have lagged behind other regulated industries in keeping pace with information security despite compiling patient data at expanding rates. Unfortunately, the Anthem attack is unlikely to be an isolated incident: Industry executives have already predicted phishing and malware will be on the rise in 2015.

With an ever-increasing number of Internet-connected devices accessing hospital networks, hackers have an increasing number of ways to exploit vulnerable systems and steal information.

Understanding hacker motivation is important. Some want to sell private information, such as Social Security or credit card numbers. Patient and consumer data have a lucrative black market. Other hackers commit corporate, industrial or political espionage by compromising systems and stealing sensitive information, trademarked designs or strategic plans.

To combat these growing threats, hospitals and health system have prioritized measures such as two-factor authentication; encryption and mobile device security; security risk analysis; advanced email gateway software; and expansion of IT security staff.

What other actions should prudent institutions take?

First, hospitals should develop comprehensive risk assessment plans. These plans can identify potential weak points, determine best practices and provide a roadmap for increased security. They should be reviewed and updated continually. Hospitals also need regular security assessments and training sessions for anyone who uses a computer.

The biggest oversight most organizations make is neglecting the training of end users. Basic training of users upon hire and at least annually will help protect an organization. Users need to make sure they’re not making common mistakes, such as clicking links in phishing emails. Following bogus links can easily allow hackers to steal information or infect computers. Users need to be educated about how to identify and avoid these types of risks. Continue Reading