Recent Healthcare Cyber Attacks Should Be Seen As A Wake Up Call

2015 was a painful year for Healthcare cyber attacks. According to the Office for Civil Rights (OCR), there were over 250 Healthcare breaches that impacted 500 people or more, with a combined loss of over 112 million records.

Healthcare Cyber Attacks Are Expensive

By far, Anthem Inc. won the dubious honor of largest Healthcare cyber attack of 2015. The organization suffered a massive data breach as hackers broke through its defenses and stole account information from nearly 80 million of the company’s clients.

Unfortunately for Anthem Inc., this is not the first time the company found itself the victim of a data breach. The company was formerly known as WellPoint Inc. and was formed when Anthem Insurance purchased WellPoint Health Networks in 2004. In 2014, WellPoint officially changed its corporate name to Anthem Inc.

In 2013, WellPoint found itself on the receiving end of HIPAA fines totaling nearly $2 million after exposing hundreds of thousands of ePHI (electronic protected health information) records.

The HHS Office for Civil Rights’ report on WellPoint indicated that a security weakness in an online application database left the ePHI of 612,402 individuals accessible to unauthorized individuals over the Internet.

These deep fines are not the only costs health care providers must be concerned about.

In 2014, the SANS Institute Reading Room published a report titled “Health Care Cyberthreat Report: Widespread Compromises Detected, Compliance Nightmare on the Horizon.” It references the 2013 Ponemon Cost of a Data Breach report, which outlines a number of expenses related to a breach, such as:

  • incident handling
  • victim notification
  • credit monitoring
  • projected lost opportunities

According to the SANS report, these issues cost healthcare organizations globally in the range of $233 per compromised record. Additional recovery actions, such as legal actions, recovery, new security control investments, extended credit protection services for victims and other related costs, actually push the cost much higher—amounting to an astronomical $142,689,666 in the case of the WellPoint incident. In addition to these remediation costs, there are also other concerns such as potential fallout in stock prices and the intangible costs of brand damage when word gets out about the company’s missteps.

Anthem Inc. Is One In A Long List Of Damaging Cyber Attacks

In terms of Healthcare cyber attacks, Anthem is the largest data breach to be disclosed by a healthcare company.

However, it is one in a long line of breaches that continue to have a deep and negative impact on the global economy. 2014 saw massive cyber attacks on giants such as Target, JP Morgan, Home Depot, Apple and Sony to name a few. According to a study from PricewaterhouseCoopers, the number of detected cyber attacks skyrocketed in 2014, up 48 percent from 2013.

A separate report from security software vendor Kaspersky Lab estimated an average data security incident costs a company $720,000.

The report states that successful targeted attacks could cost a company nearly $2.54 million. Nearly every company surveyed by Kaspersky — 94 percent — had some type of cyber security incident in 2014.

What does the future hold?

Unfortunately, the future of healthcare and hacking appears to offer more of the same. Forbes recently interviewed a number of cyber security experts for their take on the precarious situation.

In a recent article by Forbes, Theresa Payton, CEO of Fortalice Solutions LLC and former White House CIO, stated the following:

“The IDC’s Health Insights group predicts that 1 in 3 health care recipients will be the victim of a health care data breach in 2016.  These stats should be a wake-up call for the entire industry. Why? My prediction is that credit card data will decline in value on the black market as chip and signature and chip and pin card adoptions rise and unfortunately, those bad guys will mine the health care industry’s data to steal patient records and personally identifiable information to commit health care fraud, and listen in on the unsecured medical devices that have created a “chatty” Internet of Things. In 2015, more people than ever learned their data was stolen and used to target them in ways they could not have even imagined. The consumer can’t leave the safety of their data to any government or private sector entity. If someone has your data, it can and will be hacked unless you take your own steps to protect it.”

The Solution: Unbreakable Data Encryption and Irrefutable Identity Management

As cyber attacks become more frequent, more sophisticated and more expensive to remediate, companies must take steps to protect their valuable data from hackers.

Data encryption, and more specifically Zero-Knowledge privacy, must be at the foundation of any successful cyber security system.

Essentially, Zero-Knowledge privacy means that your data is encrypted and no one, other than you and those you grant permission to, can access your data.

With a sound, unbreakable data encryption system in place, any hacker attempting to breach a health care provider’s defenses and access sensitive patient information will be met with nothing more than a useless and undecipherable jumble of numbers and letters.

Along with unbreakable data encryption, an irrefutable identity management system is also critical to a successful cyber security strategy. All too often hackers are able to break through a company’s defenses by stealing usernames and passwords. With this type of attack becoming more common, it is wise for companies to utilize multi-factor authentication. This type of authentication can consist of a number of different options, such as biometric login. This way a company can always be sure that the person attempting to access valuable data is who they say they are.

As hackers become more creative in the ways they attack, data encryption alone is no longer considered a solution. However, unbreakable data encryption (Zero-Knowledge privacy) coupled with irrefutable identity management makes for a significant barrier against hackers.

To learn more about how Mice 360 can help your organization prevent Healthcare cyber attacks and secure all of its devices, including implanted medical devices, contact us today.
