Healthcare Cybersecurity Woes

Healthcare Cybersecurity Woes

2018 has not gotten off to a good start in the healthcare industry cybersecurity. Still the top targeted industry, we have seen hospital groups and one of the electronic medical record companies fall to very preventable SamSam ransomware attacks.

SamSam infections are troubling

The recent attacks with SamSam ransomware is particularly concerning because it requires the attacker to be inside the victim’s computer network to manually activate the ransomware. This means that the attacker(s) who held Hancock Health, AllScripts, the Colorado Department of Transportation, and most recently at the time of writing, the City of Atlanta, Georgia ransom had remote access to the computer systems of all those organizations.

Research shows cyberattacks have lethal results

Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, has found that 2,100 deaths can be linked to hospital data breaches and lack of cybersecurity protections. The reason is that breaches “trigger remediation activities, regulatory inquires and litigation in the years following a breach…” and these activities affect the performance of the facility, leading to quality issues.

Thinking to the large-scale ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles in February 2016 that brought their computer systems down for weeks, when the attack was at its worst, the hospital had to divert ambulances and even transfer patients to nearby medical facilities for treatment. When WannaCry ransomware hit 16 hospitals in May 2017, at least one facility had to cancel 10 scheduled operations due to computer system outages.

So what do healthcare organizations need to do?

The first step is identifying what is on your network. It is surprising how many organizations have no idea how many computers or internet-connected devices are on their networks, much less their protection status. How can you protect your systems and data if you don’t even know where they reside?

The questions “Do you have a firewall” and “when was it last updated” seems to catch many organizations off-guard and the all too common answer is that “I think my IT guy put one in and I’m sure he’s keeping it up to date”. But that’s not good enough. As an office manager or administrator, you need to know that you have all the protections in place not only to maintain HIPAA compliance but really because you care about your patient’s data and safety.

Contact Axiom today for a short and complimentary cybersecurity risk assessment to go over your cybersecurity strategy. Contact us or call 800-519-5070 to speak with one of our qualified cybersecurity experts.

How Data Breaches Affect Children

How Data Breaches Affect Children

Believe it or not, data breaches do affect children, even as young as infants. The worrisome aspect of recent massive data breaches is that many adults have grown immune to data breach notifications; so much so that nearly half of Americans haven’t even checked their credit following the Equifax breach. If they are not checking their own credit, you can pretty much bet that they haven’t looked into their children’s credit either.

One family of five decided to plug in their entire family’s information into the Equifax data breach checker and were surprised to see that their 7-year-old son’s information was potential stolen.

The theft of a child’s identity is lucrative to a cyber-criminal because it can remain undetected for years, if not decades. Without regular monitoring, a child’s identity that has been stolen may not be discovered until they are preparing to go to college and start applying for student loans or get their first credit card. By then, the damage is done and the now young adult will need to go through the pain of proving that their identity was indeed stolen.

It may be surprising to many but a 2011 report found that children are 51% more likely to be the victim of identity theft than an adult. It was found that one of the victims was only five months old and another teenager had over $700,000 in debt in their name.

And this tax season, cybercriminals on the DarkWeb have been caught selling the social security numbers of infants for just $300 per social to be used on fraudulent tax returns. While data on children has been on sale for many years, this is the first believed case where hackers are specifically targeting newborns and “fresh” social security numbers.

So, what can parents do to protect their children and their credit?

The first step would be to treat your children’s social security numbers just as carefully as you would treat your own. Do not provide it to anyone unless absolutely necessary (doctor, school, accountant). And if you have a teenager, teach them how to be responsible with their social security number as well.

Secondly, if you have reason to believe that your child’s information may have been stolen, you as a parent are allowed to request to see if your child has a credit report and secondly, if they do, by request you can also put a credit freeze on their report.

Image Credit – Freepik