Did you know that the healthcare industry is one of the most targeted sectors by cyber-attackers? As described by the Marsh & McLennan Companies in their report Holding Healthcare to Ransom it was noted, “more than one in four (27 percent) healthcare organizations report that they have been a victim of cyber-attack in the past 12 months. This is more than financial institutions (20 percent) and nearly twice the incidence in the communications, media and technology sector (14 percent).”
Why is healthcare a vulnerable target for a security breach and what can be done to protect sensitive information? In this BlogBytes we will delve in to these important questions, review a patient records hacking incident and reveal how LTO technology can play a protective role for organizations.
Healthcare Group Attacked
Earlier this year, the largest healthcare group in Singapore fell victim to cyber warfare when ~1.5 million patients had their information compromised. As reported in a Rocketnews.com article, “Data obtained in the breach includes names, addresses, gender, race, date of birth and patients’ national identification numbers.” A single workstation was infected with malware that enabled the attackers to obtain privileged account credentials, which they used to hack the patient database.
It is estimated that the average cost of an attack to an organization can be one million dollars (USD). But why are healthcare institutions high on attackers prey list? Medical records hold sensitive information that can be used to steal identities, damage reputations and enable the monetization of the stolen data.
As defined at SearchSecurity “Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware.” It goes on to state that, “these malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.”
Common types of malware include virus, Trojan horse, worm, spyware and ransomware. Malware can be delivered and spread in a variety of methods that can be difficult to detect including: websites and advertisements, downloads, email links and embedded files and even more sophisticated techniques using web proxies to hide malicious traffic or source IP addresses.
Key Steps to Protect Your Data
- Educate: most directed malware attacks come in the form of infected emails. The precarious email contains links or executable files that when opened can attack the system and spread to others. Therefore, personnel must be educated on identifying and properly handling these suspicious and vicious entities. If you’re unsure – don’t click it! Get your IT or security team involved.
- Use Protective Tools: these tools must include vigorous anti-virus software with automatic updates. In addition, sensitive information must be made unavailable to malware and hackers. How? Store data on media that cannot be accessed by the system. This type of inaccessible protective storage is a feature of LTO tape technology. When LTO tape is removed from the tape drive it is no longer connected and is deemed “offline”. This air gap between the tape and the system prevents electronic access and mitigates the risk of attacks by malicious software and cyber-hackers.
As you can see from the examples included in this BlogBytes, the healthcare industry is under attack but they are not alone. All industries are vulnerable to cyber-warfare. Don’t be caught unguarded – prepare your organization now, by educating personnel and using security tools that include LTO technology for the ultimate protection of vital information.