• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Healthcare   »   Healthcare Data in the Cross-Hairs

Healthcare Data in the Cross-Hairs

  • Posted on:February 5, 2015
  • Posted in:Healthcare, Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

Today we’ve learned that up to 80 million customers and employees of Anthem health insurance have had their personal information stolen. Initial reports indicate that the data loss includes names, birth dates, Social Security numbers, addresses and employment data including income.

All the information you need for effective identity theft.

The exact number of records lost is still being determined but Anthem themselves say it’s likely in the “tens of millions.”

The potential number of records and the type of information lost already make this, arguably, the worst data breach in US history, from an identity theft-risk perspective.

But two things make this situation even worse and should raise red flags.

  1. The attack targeted data held by a health care organization demonstrating that attackers correctly recognize this environment is the “mother lode” when it comes to personal information. In the US, we’ve traditionally been conditioned to hand over critical personal information to health care organizations without batting an eye. What’s more, we hand over not just our information but our family. If successful identity theft is a goal, there’s no better data to steal than this.
  2. This attack was against the largest for-profit managed health care company in the Blue Cross and Blue Shield Association, and the second largest health insurance company in the U.S. It isn’t a small “mom and pop” operation—this is the company with a tremendous amount of resources. Anthem is a big gun. Indications are that this was a sophisticated attack, which means that this established entity has been victimized in a major way. The big gun was outgunned. And, if an organization of this size can fall prey, the entire industry should be concerned.

Nearly a year ago, the FBI issued a warning that the health care industry was at risk. With today’s announcement we see that warning was well founded. And, we see what the consequences of a successful attack look like. Most of all, we see that this is a risk the entire industry faces—size and sophistication don’t matter.

Health care organizations need to heed the FBI’s warning from last year and put in place not just protections to prevent intrusions but countermeasures to detect when these intrusions take place. Even as we write, the odds are good that the networks of other healthcare organizations have already been breached and that data is being siphoned. The real question is how long it will be before we hear about it.

A lesson that the health care industry can take from last year’s retail data breaches is to collaborate and share information broadly, quickly. We know the attackers share information. And, while health care does have an information sharing and analysis center more can always be done.

The Obama administration has recently called for more legislation to boost cybersecurity defenses and data breach notification. Because health care is such a heavily regulated industry, this latest event shows how important it is for these initiatives to include strengthening security around healthcare data.

This may be the first large healthcare data breach. But it won’t be the last. We have a chance to avoid a repeat of history that inflicted the retail industry if the health care industry moves quickly and in partnership with public and private organizations. For additional information click here.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. Cybersecurity in Healthcare: a Unique Challenge
  2. Data Protection Risks of Using Pagers in Healthcare
  3. Attention Healthcare IT Teams: Five Simple Ways to Keep Patient Data Safe
  4. US cybersecurity experts advocate for improved cross-sector collaboration

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.