One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1593454 |
| Date de publication | 2020-03-12 12:00:00 (vue: 2020-03-12 13:00:58) |
| Titre | Malicious Actors and Medical Data: Where Are We Heading? |
| Texte |
Data is the hottest commodity in town, particularly on the dark web. But there’s one type of file that hackers are most interested in: your medical data. Whereas a credit card number or Social Security number can net a criminal $1-$15 depending on the data type, medical records can sell for the equivalent of $60 each (in Bitcoin).
What’s more, the theft of these files isn’t uncommon. Despite U.S. healthcare organizations’ mandatory compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, healthcare topped the charts for the number of data breaches in 2018. And hackers don’t need to break in to get the data: over half the incidents reported were the product of internal threats, either errors or bad actors.
As the medical community becomes more and more reliant on internet-connected technology and generates record amounts of personal data, they’re going to need to learn how to scale their cybersecurity efforts to the same extent. Patients’ privacy and even their lives depend on it.
The Medical Community Needs to Get Better at Security
Stories of hacked machines, demands for payment, and blackmail are appearing in the media with greater frequency than ever. That’s no surprise: ransomware attacks are a growing threat for healthcare organizations. Why? Because in a life or death situation, a hospital needs to decide whether to pay the hacker or lose the patient.
The medical community is increasingly facing threats at a greater rate than many other industries. Unfortunately, their security training practices don’t match the growing occurrence nor the obligation healthcare providers have under the law: a study by Kaspersky Lab in 2019 noted that only 29% of respondents knew and understood the HIPAA Security Rule, a fundamental part of their job. What’s more, 40% of workers weren’t aware of their organization’s cybersecurity rules and measures.
It’s easy to believe that nurses, doctors, and administrative staff don’t need comprehensive cybersecurity training. It should be the IT department’s role. Unfortunately, cybersecurity doesn’t work that way: hackers aren’t scaling walls to get into healthcare systems, they look for open doors first. And when a doctor or nurse doesn’t know how to encrypt their email, uses weak passwords, or clicks on an email infected with malware, then the hacker can walk right in.
Hackers Get in Through the Most Unlikely Doors
The problem goes beyond what happens within the confines of a doctor’s office or hospital setting. As healthcare organizations connect with patients through their personal devices, they’ll have to secure not only their own devices and programs but also compensate for side doors created through other unsecured apps and platforms.
In 2020, researchers reported that hackers were using the Google Play platform to distribute apps that screenshot sensitive user information. To do so, the |
| Envoyé | Oui |
| Condensat | $15 $60 2018 2019 2020 accept accountability act actors administrative ago all allowed also amount amounts android anyone app apparatus appearing apps are aren’t arrival attacks aware back bad basics because becomes believe better beyond big bigger bitcoin blackmail breaches break breakthroughs bring bug but buy can card care causes charts chatbots clicks collecting come commensurate commodity community compensate compliance comprehensive confines connect connected control created credit criminal cybersecurity dark data data: death decide demands department’s depend depending despite devices discovered distribute doctor doctor’s doctors dodgy doesn’t don’t doors each easier easy education efforts either elsewhere: email employee employees empower empowerment encrypt engagement enough equivalent errors estimated even ever expect experts exploiting exponentially extent facing fall file files firewalls first found frequency from full fundamental gain generate generates get goes going google greater growing hacked hacker hackers half happens has have heading health healthcare healthcare’s help helps hipaa holds hospital hottest how improve in: incidents increase increasingly industries industry industry’s infected information insurance interested internal internet investing isn’t it’s its job journey journeys just kaspersky knew know lab laden lag law: lead learn level: life like likely links lives look lose machines major make malicious malware mandatory many maps match mean meant measures media medical medicine message models more most need needed needs net new next nor not noted number nurse nurses obligation occurrence offered office once one only open operating opportunities organization’s organizations organizations’ other others out outcomes over own pack part particularly passwords patched patient patients patients’ pay payment people personal phones platform platforms play portability potential practices privacy problem product programs protect providers provides put ransomware rate record records redirect reliant relying reported reporters research researchers respondents responsibility right role rooting rule rules sale same satisfaction save scale scaling screenshot sector secure security see seek self sell sensitive sent setting should side sites situation social staff start stories strong study surprise: system systems take target tech technologies technology than that’s theft them then there’s these they’ll they’re things threat threats through time topped town training trends truly type types uncommon under understood unfortunately unlikely unsecured use user users uses using vulnerabilities vulnerability walk walls wants way: ways weak weaknesses wearable web well weren’t what what’s when where whereas whether which why will within work workers wound years your |
| Tags | Ransomware Vulnerability Threat Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.