Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Healthcare Industry Increasingly at Risk of Cyber Attacks


Healthcare Industry Increasingly at Risk of Cyber AttacksSimulated Cyber Exercises Taking Place to Test Industry’s Security, Gaps

In discussing the increased exposures and risks surrounding data breaches, on a few occasions we have looked at the rise in cyber attacks against the healthcare industry. The healthcare sector, according to a study by non-profit organization, Identity Theft Recourse Center, suffered the highest attacks last year. The report cites that health-care organizations suffered 267 breaches or 43% of all cyber attacks in 2013. In total, data breaches are costing healthcare organizations an estimated $5.6 billion annually, according to figures released by the Ponemon Institute.

Moreover, in another study by cybersecurity firm Norse and security research institute SANS, it was reported in the Los Angeles Times that 375 healthcare organizations in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks. The study looked at hospitals, insurance companies and pharmaceutical companies from September 2012 to October 2013. According to the findings, in addition to getting access to patient files and information, the attackers infiltrated devices such as radiology imaging software, conferencing systems, printers, firewalls, web cameras and mail servers.

What was disconcerting about the Norse/SANS report is that in many cases network and security protocols were amiss. “…there is a sheer lack of basic blocking and tackling within these organizations,” said Sam Glines, chief executive of Norse, in the Los Angeles Times article. “Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything.”

There are many reasons for the rise in attacks including the fact that there is an increased number of healthcare facilities and physicians using more medical devices connected to the Internet. Additionally, you have more patient information being placed online as part of the growing network of federal and state health insurance exchanges.

Cyber Exercise Drills Taking Place This Month

The high exposure to cyber attacks and the risk of patient data and privacy being compromised is not lost on the healthcare industry. In fact, this month, according to Homeland Security, the healthcare industry, in partnership with the federal government, is conducting simulated cyber attacks targeting industry networks and resources in an effort to test the industry’s vulnerability to cyber attacks. Called Cyber Rx, this is the first time insurers, hospitals, pharmaceutical manufacturers, and the Department of Health and Human Services (HHS) will run coordinated drills.  HHS Chief Information Security Officer Kevin Charest said in a statement, “Our goal for the exercises is to identify additional ways that we can help the industry be better prepared for and better able to respond to cyber attacks. This exercise will generate valuable information we can use to improve our joint preparedness.” The findings of the results will be summarized in a report and released in April.  There will also be another exercise drill in the summer.

The goals of the Cyber Rx drills, according to the HHS, in addition to evaluating the security results in the organizations participating, is to develop a better understanding of the healthcare industry’s cyber threat response readiness; test the coordination with the U.S. Department of Health and Human Services relating to cyber threats and the healthcare industry response; and document threat and attack scenarios of value for future exercises engaging additional healthcare industry organizations and in support of industry preparedness.

The importance of strong security protocols cannot be underestimated as we are living in a world where cyber crime has become more sophisticated and increasingly more commonplace. In addition to having robust security measures, a strong Cyber Liability insurance solution must also be secured. At Axis Insurance Services, we offer Privacy & Network Security insurance programs across many industry sectors, including healthcare. We not only know how important this coverage is to protect an organization’s assets but also how vital it is in assisting with reputational management. Additionally, our professional staff understands the increased exposures medical providers face with tougher regulation and greater obligations to protect patient data. Talk to us about how we can help protect you in the event of a data breach or other cyber crime. Give us a call at: (877) 787-5258.

Sources: Los Angeles Times, Washington Post, Homeland Security, Dept. of Health and Human Services, Washington Post, Clinical Innovation & Technology, Ponemon Institute

Comments

comments

Blogged on: March 17, 2014 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions