Experts Insight On Almost 40 Million Healthcare Records Stolen Or Leaked In 2019

The HIPAA Journal has reported that more than 38 million healthcare records were exposed in breaches throughout 2019. October in particular was the month with the highest number of data breaches formally reported by the healthcare sector. 28 of the incidents were caused by unauthorized access or disclosure, while 18 of them originated from hacking or IT incidents. This shows that the healthcare industry is still a target that is both appealing and easy to attack.

Commenting on the story are the following cybersecurity professionals:


EXPERTS COMMENTS
Javvad Malik, Security Awareness Advocate, KnowBe4
November 27, 2019
Healthcare information is some of the most sensitive of personal information. While it is important to have healthcare information readily available to medical professionals, care needs to be taken that the information is not made available to criminals trying to gain access. It's not that there is a lack of data protection tools and procedures. Encryption, multi-factor authentication, data access models and such all exist. What we have is more of a lack of willingness, or awareness to implement strong data protection controls, in some cases for good reason. But broadly speaking this is a cultural issue, where medical institutes by and large do not consider security requirements, and do not drill in security through every role. Until we see cyber security being embedded into the culture of healthcare organisations in the same way that we try to combat the spread of germs with constant reminders and availability of anti-bacterial hand wash, we will continue to see breaches occur.
Ilia Kolochenko, Founder and CEO, ImmuniWeb
November 27, 2019
“Considerably more health records are currently being sold via the Dark Web. Even if we ignore old dumps, duplicates and fakes, we will likely arrive at a substantially higher number. The reported number is composed of identified and reported breaches, but that is just the tip of the iceberg. Most of the breaches are, however, never detected due to their sophistication or inadequate level of cybersecurity and breach detection. Worse, with the rapid proliferation of outsourcing and sensitive data handling by numerous third parties, breaches stemming from external providers is unclear but probably of immense size. Continuous security monitoring and anomaly detection, asset inventory and attack surface management enhanced with well-thought-out and properly enforced third-party risk management is crucial for an effective cybersecurity strategy.”
Dean Ferrando, Systems Engineer Manager – EMEA, Tripwire
November 26, 2019
To ensure patients’ care and safety, healthcare organizations must ensure that their environment is duly protected against unauthorized changes and misconfigurations, which can make their environment susceptible to a cyber-attack. Given the increased cyber-attacks against healthcare organizations, it is simply no longer sufficient to merely be compliant with security frameworks. When retaining this kind of data, it is critical to choose an encryption solution that not only protects the database instances, but also provides protection for data in transit and at rest.
