Saturday, February 25, 2017

Cybersecurity threats everybody needs to know about on these cloudy days


Should we start conversations around forging ahead amid the varying minefield of companies' data threats?

Source: PROTENUS BREACH BAROMETER REPORT


Wrong/Poor cybersecurity practices

In many organizations there remains an inadequate culture of security, with companies failing to follow best practices, either due to lack of knowledge or an attitude that the effort and/or cost to comply is too burdensome.

In healthcare, with several aspects of cybersecurity remaining unregulated, levels of interest and investment vary widely within the industry. From the IT corner, one basic issue remains a lack of data encryption; among marketing & sales departments, a common issue remains poor password selection and protection, with some people outright working around them by sharing passwords among groups or posting them on monitors.


Insider threats


According to a report by Protenus, nearly half (43%) of the healthcare data breaches in 2016 were a result of insider threats, both unintentional and malicious.

Data protection also needs to consider malicious insider intent, which underscores the need for as-needed data access and protected, individual log-ins, particularly amid quick staff turnover, visiting consultants and the possibility of outsiders being able to walk in and access insider systems.
Recent incidents illustrate that surprises do come from within, as when staff engage in billing fraud or improperly view records for celebrity patients or users, or when outsiders pose as company staff.


Ransomware

There were cases of ransomware and also some non-ransomware cases in which hackers acquired databases and subsequently tried to extort covered entities. When extortion failed, they put user content up for sale on the dark web. There were so many user records put up for sale in 2016 that the price per record dropped significantly as the market became flooded.

These hacks have taken the healthcare industry by storm with their terrifying hijacking of hospital systems and their demands for payment to return system control. Healthcare entities are viewed as ideal targets because it is so critical for them to avoid data or service interruption.

Source: Protenus and other IDM sources.


Thiago Leoncio.
