Managing Cyber Risks a High Priority for Organizations Responsible for Protecting Healthcare Data
After the attack on Anthem Inc. made headlines in February this year, the repercussions are still being felt, and the healthcare and insurance industries have come under heavier scrutiny than ever. Global Digital Forensics offers solutions which can help organizations responsible for protecting healthcare data significantly reduce the risk of becoming the next national headline for all the wrong reasons.
On February 4th, 2015, Anthem Inc., the nation’s second largest health insurer, disclosed that they had been the victim of a data breach which saw the personal information of 80 million customers compromised, the largest breach of its kind in history. The ripples of that attack are still being felt far and wide, as this article published last week on February 28th in Modern Healthcare shows.
“Healthcare data can be a real prize for hackers,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City. “To the casual observer it may seem like the kind of information healthcare providers and insurers hold is not as problematic as having actual credit card numbers and access to financial accounts fall into the wrong hands, but that is just not the case. With a social security number and a date of birth, for instance, a hacker could open a brand new credit account and bleed it dry before the victim even realizes it happened. They wouldn’t see it in their monthly statements no matter how vigilant they are, because they wouldn’t even know the account exists, much less how to access it. Personal information can also be used to craft very personalized and convincing spear phishing campaigns, the number one vector hackers use to gain access credentials and account information.”
A big job
“The increasing sophistication and sheer magnitude of attacks can be daunting for healthcare providers and insurers, especially since the personal data the healthcare industry revolves around is highly attractive to hackers,” says Caruso. “So many things in the digital world have converged to make life easier for cyber criminals. Dark Web sites make it easy for them to buy and sell stolen information, the global connection puts entities in play from other countries which can make it extremely difficult if not impossible to find and/or prosecute the criminals, sophisticated exploit kits can be easily bought and put the power of advanced hackers into the hands of just about anyone, and then there are things like the BYOD “Bring Your Own Device” movement, which has become the norm as organizations rely more heavily on digital connectivity to save time and make things as convenient as possible for their customers, and with this shift, introducing a vast array of new cyber threats to deal with. There are just so many ways to be compromised, and in a world of instant 24/7 media, making headlines for the wrong reasons certainly doesn’t inspire confidence in those they have provided services to, making it more difficult to keep customers, attract new ones, or get old ones back after a successful attack.”
Improving cyber security posture the right way
“With the cyber threat landscape always maintaining an ever-evolving fluid state, perfect cyber security is simply impossible,” says Caruso. “The very nature of cyber security today is reactive. As threats get developed and vulnerabilities get exploited, there is always some victim at the starting point that had to experience it before it’s identified, exposed, documented and fixes or patches are built to eradicate the problem. That’s the harsh reality and any “cyber security specialist” that says otherwise is not being forthright with their clients. But that’s not to say healthcare providers should just crawl under a rock and give up, because excellent cyber protection can still be achieved by adhering to the basics, step one always being a comprehensive threat assessment and penetration test designed to test an organization’s unique situation, from equipment, policies and function, to personnel procedures and habits, as well as the regulatory compliance obligations the healthcare industry faces.”
“Once weaknesses are exposed, we deliver detailed reports breaking them down and offer remediation options to help strengthen all the links in the chain. We understand one size doesn’t fit all; a restaurant, a hospital and a military defense contractor will obviously have very different needs to be considered. But with our background spanning two decades of handling a great diversity of clients, including the healthcare industry, we won’t be overwhelmed or over-matched to handle any situation,” says Caruso.
What if an incident has just occurred, or is occurring right now?
Global Digital Forensics has responded to cyber intrusion incidents for some of the most recognized entities in the world. With a network of experienced emergency incident responders strategically situated across the country and the globe, Global Digital Forensics can respond within hours, not days, to a major cyber incident and help the client identify the breach or attack, control it, help meet regulatory compliance issues and help clients survive the aftermath of an attack, which always has the potential to severely erode customer confidence and trust if not properly handled.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.