December 5, 2019 • RBS

Categories: Security News

Doctor! Doctor!

Can’t You See I’m Burning, Burning?

Journalists at NBC’s WESH reached out to us following the release of our latest DataBreach QuickView Report to learn more about our findings regarding data breaches in the Healthcare industry. You can watch the story here.

Here’s what we found:

  • Within the last ten years, there have been 1,461 data breaches affecting Florida-based Healthcare organizations.
  • 159 million patients have been affected by these breaches.
  • In 71% of these cases, personal or financial data was accessed.

The Data Breach Landscape

159 million is a big number but it is nowhere near the total amount of records exposed. As of Q3, 7.9 billion records have been exposed worldwide and our data suggests we are on track to reach 8.5 billion by the end of this year.

According to our research, of the organizations that could be definitively classified, medical service providers are the most compromised economic sector.

Valuable Personal Information at Risk

It’s unsettling that medical service providers are being targeted by malicious actors. If you think about it, is there anyone that knows more about yourself than your doctor? Hospitals and related organizations contain a treasure trove of information that other businesses don’t collect. This includes your medical history and healthcare organizations have your financial records, name, Social Security number, and in some cases, your biometrics.

The Healthcare industry doesn’t have a good track record in safeguarding data. In our Mid-Year Data Breach QuickView report (included when you request our latest edition) we had researched the ramifications of the compromise at American Medical Collection Agency (AMCA). The fallout was substantial. Hackers infiltrated AMCA’s network and pilfered over 22 million debtors’ records. Names, addresses, dates of birth, Social Security numbers and financial details were taken. Even if the hackers choose not to use the information for fraud, it’s just the type of data that can be leveraged for phishing schemes.

If you have ever experienced a case of identity theft, you know how difficult and time consuming it is to rectify the mess that ensues. If you haven’t, you can imagine the impact of a malicious person taking your credit card. Sure, you can get a new card. But what about your DNA profile? You can’t get new body (at least not yet).

Hold Them Accountable

What can customers do about the situation? As Jake said in his interview, we need to hold medical providers accountable for the data they store. If a breach occurs within a network you’ve used, demand details of the breach and how it affects you. Ask your medical providers why they need the personal information they are asking for, how it will be stored and who will have access to it. Request a copy of your medical files to see what they have and find out where they’re being shared. There are too many instances of where organizations do not take the proper steps in protecting or disposing of medical records.

What You Can Do as an Organization

Regardless of industry, all organizations should take steps in safeguarding sensitive data. In order to better protect data, organizations need actionable threat intelligence about data breaches and leaked credentials. Our product, Cyber Risk Analytics (CRA), is the standard for data breach intelligence, risk ratings and supply chain monitoring.

With our PreBreach Risk Ratings, CRA provides a deep dive into the metrics driving cyber exposures, as well as understanding the digital hygiene of an organization and predicting the likelihood of a future breach.

The integration of CRA into security and underwriting processes, vendor management programs, and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to act quickly and appropriately to proactively protect its most critical information assets.

We’d love to show you how Cyber Risk Analytics can help you protect your data and customers.

Our products
The Platform
Risk Based Intelligence
Learn more
Vulnerability Intelligence
Learn more
Cyber Risk Analytics
Threat Intelligence
Learn more
Risk Management
Learn more