Health care data breaches have been growing in frequency and in the damage they cause for years now, though the vast majority of these events take place on a smaller scale among community providers. In the past couple of months, however, this has not really been the case, with serious breaches at some of the largest medical firms in the United States hitting the presses with troubling regularity.
Perhaps the most frustrating aspect of these news stories is that the same types of errors, oversights and issues continue to plague the health care sector, with clear indications shining through consistently that security might not be all that high a priority. It would be one thing if new types of attacks were the cause of each event, as there is only so much a firm can do to protect itself against these, but this has simply not been the case, with poor data management and a lack of email security being common.
To ensure that health care providers protect themselves and the patient data they store, more work needs to be done, and many of the steps to improve security are relatively straightforward. Educating employees in the best practices of email security and general data management, deploying encryption solutions and leveraging reliable cloud computing services can all make a major difference.
Long-term attack
CSO Online recently reported that the CareFirst BlueCross BlueShield announcement regarding a breach that lingered for more than a year is clear evidence that a changing of the guard needs to take place among medical firms as soon as possible. As a note, this breach was first identified and disclosed in 2014, at which time the medical firm believed that the entirety of the event was behind it and the case closed.
However, the source explained that roughly 10 months after the last announcement, CareFirst is now affirming that there was a lingering problem that led to even more damage to the company and its patients. According to the news provider, the same types of issues were once again at the root of this problem, with phishing attacks through corporate email and typosquatting being the culprits.
While these conditions did indeed offer the attackers an easy path toward sensitive information and systems, the insult added to injury rests squarely on the shoulders of the company's leaders. For example, CSO Online noted that once the attacks were identified, the firm had plenty of time to ensure that the causes were completely eradicated and corrected, but it missed a few important points and allowed its vulnerability to persist for a longer period of time.
Finally, the source cited comments from security professionals who believe that all of these attacks should be a substantive wake-up call to the health care sector at large.
The path forward
The most damaging data breaches tend to be the ones that take the longest to be detected and eradicated, as evidenced by most of the largest data breaches to have taken place in retail and health care in the past two years. Leaders must ensure that they are not only working to drive down the risk of a breach taking place, but also instituting contingency plans that immediately detect attacks as they occur.
With secure cloud solutions in place, monitoring, maintenance and protection can be a bit more seamless and effective, while email encryption and similar tools will help to reduce the risk of intrusions, fraud and other threats on the front end of operations.