A study conducted by Norse, a Silicon Valley cybersecurity firm, and SANS, a security research institute have discovered that healthcare institutions are not only being hacked, but routinely hacked. Many of these infiltrations have gone unnoticed at insurance and pharmaceutical companies as well as hospitals.
The report by Norse and SANS found that a total of 375 breaches occurred in the United States between September 2012 and October 2013. Because some of these breaches have yet to be detected, many of the organizations are still compromised. Chris O'Brien from the Los Angeles Times states that "the surge in attacks comes as hospitals and doctors across the country are using more and more medical devices that are connected to the Internet in some fashion."
Patient files and information have been taken, but what is very disconcerting is that devices such as radiology imaging software and mail servers have been infiltrated as well. Sam Glines, chief executive of Norse states "what's concerning to us is the sheer lack of basic blocking and tackling within these organizations. Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything."
Glines also feels that "with more healthcare information coming online, it becomes more valuable and therefore a richer target. We expect to see an uptick of breaches related to healthcare. It’s sort of a perfect storm." Healthcare providers need to prepare themselves and their practices for this new threat.
To view this article from the Los Angeles Times in its entirety click here
Image via Brian van der Brug for the Los Angeles Times