Contact us today!
(518) 203-2110

Evolve IT

Evolve IT has been serving the Saratoga Springs area since 1995, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Pandemic: Hackers Have Stolen More Than 100 Million Healthcare Records

Pandemic: Hackers Have Stolen More Than 100 Million Healthcare Records

Healthcare organizations are a hot topic when it comes to cybersecurity, as even a small data breach could turn into a goldmine for hackers. Recently, IBM’s 2016 Cyber Security Intelligence Index has reported a data breach that exposed more than 10 million medical records, which shows us just how scary a breach of this kind can be. The secret weapon, in many cases, is a threat called ransomware.

Ransomware is a common and painful threat in its own right, even when it’s not used to target healthcare organizations. Yet, the nature of healthcare records makes it an extraordinarily difficult threat to work around. For one, hospitals often have no choice but to pay the ransom, since they need access to important files in order to continue doing their jobs. This has left many hospital administrations with no choice other than to pay the ransom, in order to guarantee the safety and protection of their patients, and to avoid nasty falling-outs that could come in the form of legal ramifications.

Granted, medical records also contain plenty of sensitive information in their own right, including financial details, home addresses, Social Security numbers, and plenty more. Basically, a healthcare-based security breach hands over all of the data necessary to steal someone’s identity.

One hacker with the overzealous and somewhat hilarious monicker, TheDarkOverlord, posted over 650,000 patient records for sale on the dark web. TheDarkOverlord used an unknown vulnerability in the Windows operating system to infiltrate a hospital’s systems, and then located the database credentials in an unencrypted plain text file, which allowed him to steal the medical records. Instead of posting them immediately, TheDarkOverlord thought that he would be able to get more money for them from the affected companies.

The breach affected three companies: one in Farmington, Missouri, one in Georgia, and another in an unspecified location somewhere in the Central/Midwest United States. Naturally, they all refused to pay, so the hacker determined that the best course of action was to auction them off to the highest bidder. The Georgia haul has reportedly already been quite fruitful for the hacker, and someone has offered to purchase all of the data from insurance provider BlueCross BlueShield (which you may recall getting hacked last year). To these companies, TheDarkOverlord has issued a statement: “Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”

This ultimatum seems to be just the beginning, as intrusions into the hospital networks themselves seem inevitable. Hackers that can gain access to internal hospital networks can steal medical and financial records of patients, as well as potentially interfere with any connected devices on the network. Criminals could change or alter settings on devices, with patients’ lives hanging in the balance. For doctors and hospital administrators, this possibility must be terrifying, as the institution could face paying an immense ransom fee, or charges for malpractice.

You would think that organizations would have preventative measures put into place that keep sensitive data from being exposed to dangerous hackers. Yet, this is simply not true in some cases. While it’s required that preventative measures are put into place, encryption often isn’t required in order to comply with HIPAA. Thus, the lack of preparation leads to hacks. Additionally, some organizations lack the dedicated internal IT department that can keep systems secure, and that’s not even mentioning data backup. To make matters worse, 25 percent of healthcare institutions have no way to determine if they’ve been hacked, and by the time they know they’ve been the target of ransomware, it’s far too late.

Healthcare, and other high-profile hacking targets, need to understand that they have a giant bullseye painted on their sensitive information. Even a small business has something to offer hackers, however. In order to protect your business, be sure to follow these two steps.

Establish an Iisolated Backup Solution
Whenever there is critical data involved in the day-to-day operation, a backup solution is something that is absolutely necessary for the organization’s safety and security. In the case of a healthcare organization losing their files to some nefarious intruder, a backup will allow them to continue their operations without putting the health and safety of the patients at risk. However, for this backup to be truly effective, it must be isolated from the original system; otherwise, the hacker will likely be able to access the backup as well. As an added advantage, this separation also protects the data against disasters, such as fires, floods, or user error.

Implement a Reliable Defense Strategy
Considering that most external attacks take advantage of system vulnerabilities, this facet is intended to remove the vulnerabilities from your system. As vulnerabilities come in different varieties, your strategy will need to be multifaceted to cover all of your bases. Install and maintain reliable antivirus and malware blockers, and educate yourself and your users on industry best practices for data security.

To protect your business’s infrastructure from external threats, reach out to us at (518) 203-2110, and subscribe to our blog.

Comments

 
No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 22 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Blog Archive

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up!

Free Consultation
 

Tag Cloud

Tip of the Week Security Technology Internet Best Practices Cloud Hackers Privacy Email Productivity Business Malware Software Business Computing User Tips Upgrade Efficiency Workplace Tips Google Computer Hosted Solutions Microsoft Windows 10 IT Support Mobile Devices Innovation Smartphone Hardware Network Security Ransomware Gmail Microsoft Office Office Backup Operating System Apps Business Continuity Disaster Recovery Communication The Internet of Things Social Media Hacking WiFi Bandwidth Facebook Safety Mobile Device Management Unified Threat Management Money Network Quick Tips Managed Service Provider Outlook Firewall Content Filtering Wireless Technology Android Cybercrime Smartphones Website Apple Best Practice Alert Employer-Employee Relationship Networking History Two-factor Authentication Data storage Data Windows Small Business Experience Phishing App Mobile Computing Big Data communications Social Networking Disaster Micrsooft Visible Light Communication Public Speaking Monitors IP Address Business Growth Virtualization Data Management Recovery Robot Advertising Society Government Sports Displays Augmented Reality Google Wallet Keyboard Spam Running Cable Search User Information Technology Hard Drives Windows 8 Internet of Things End of Support Remote Computing Hosted Solution Shortcut Windows XP IT Services Documents DDoS Artificial Intelligence Heating/Cooling Tech Support Word Compliance Writing Drones Social Printer Business Management Browser Virtual Desktop Wireless Unified Communications Securty Competition Presentation Document Management Entrepreneur Encryption VoIP Retail Domains Law Enforcement SaaS Hacker Proactive IT Cortana Managed IT services Network Congestion Application Save Money Customer Service Music Bluetooth Cryptocurrency Laptop Automation Router IBM Memory Office 365 Google Docs Education Cleaning Holiday Deep Learning Analytics Black Market YouTube Saving Money Processors intranet Staffing BDR Lithium-ion battery Office Tips LiFi BYOD Downtime Vendor Management Passwords Streaming Media Help Desk
QR-Code