(770) 424-3393 Facebook logo Twitter logo Linkedin logo YouTube 001 gplus RSS feed

Carceron Blog

Carceron has been serving the Atlanta area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Pandemic: Hackers Have Stolen More Than 100 Million Healthcare Records

Pandemic: Hackers Have Stolen More Than 100 Million Healthcare Records

Healthcare organizations are a hot topic when it comes to cybersecurity, as even a small data breach could turn into a goldmine for hackers. Recently, IBM’s 2016 Cyber Security Intelligence Index has reported a data breach that exposed more than 10 million medical records, which shows us just how scary a breach of this kind can be. The secret weapon, in many cases, is a threat called ransomware.

Ransomware is a common and painful threat in its own right, even when it’s not used to target healthcare organizations. Yet, the nature of healthcare records makes it an extraordinarily difficult threat to work around. For one, hospitals often have no choice but to pay the ransom, since they need access to important files in order to continue doing their jobs. This has left many hospital administrations with no choice other than to pay the ransom, in order to guarantee the safety and protection of their patients, and to avoid nasty falling-outs that could come in the form of legal ramifications.

Granted, medical records also contain plenty of sensitive information in their own right, including financial details, home addresses, Social Security numbers, and plenty more. Basically, a healthcare-based security breach hands over all of the data necessary to steal someone’s identity.

One hacker with the overzealous and somewhat hilarious monicker, TheDarkOverlord, posted over 650,000 patient records for sale on the dark web. TheDarkOverlord used an unknown vulnerability in the Windows operating system to infiltrate a hospital’s systems, and then located the database credentials in an unencrypted plain text file, which allowed him to steal the medical records. Instead of posting them immediately, TheDarkOverlord thought that he would be able to get more money for them from the affected companies.

The breach affected three companies: one in Farmington, Missouri, one in Georgia, and another in an unspecified location somewhere in the Central/Midwest United States. Naturally, they all refused to pay, so the hacker determined that the best course of action was to auction them off to the highest bidder. The Georgia haul has reportedly already been quite fruitful for the hacker, and someone has offered to purchase all of the data from insurance provider BlueCross BlueShield (which you may recall getting hacked last year). To these companies, TheDarkOverlord has issued a statement: “Next time an adversary comes to you and offers you an opportunity to cover this up and make it go away for a small fee to prevent the leak, take the offer. There is a lot more to come.”

This ultimatum seems to be just the beginning, as intrusions into the hospital networks themselves seem inevitable. Hackers that can gain access to internal hospital networks can steal medical and financial records of patients, as well as potentially interfere with any connected devices on the network. Criminals could change or alter settings on devices, with patients’ lives hanging in the balance. For doctors and hospital administrators, this possibility must be terrifying, as the institution could face paying an immense ransom fee, or charges for malpractice.

You would think that organizations would have preventative measures put into place that keep sensitive data from being exposed to dangerous hackers. Yet, this is simply not true in some cases. While it’s required that preventative measures are put into place, encryption often isn’t required in order to comply with HIPAA. Thus, the lack of preparation leads to hacks. Additionally, some organizations lack the dedicated internal IT department that can keep systems secure, and that’s not even mentioning data backup. To make matters worse, 25 percent of healthcare institutions have no way to determine if they’ve been hacked, and by the time they know they’ve been the target of ransomware, it’s far too late.

Healthcare, and other high-profile hacking targets, need to understand that they have a giant bullseye painted on their sensitive information. Even a small business has something to offer hackers, however. In order to protect your business, be sure to follow these two steps.

Establish an Iisolated Backup Solution
Whenever there is critical data involved in the day-to-day operation, a backup solution is something that is absolutely necessary for the organization’s safety and security. In the case of a healthcare organization losing their files to some nefarious intruder, a backup will allow them to continue their operations without putting the health and safety of the patients at risk. However, for this backup to be truly effective, it must be isolated from the original system; otherwise, the hacker will likely be able to access the backup as well. As an added advantage, this separation also protects the data against disasters, such as fires, floods, or user error.

Implement a Reliable Defense Strategy
Considering that most external attacks take advantage of system vulnerabilities, this facet is intended to remove the vulnerabilities from your system. As vulnerabilities come in different varieties, your strategy will need to be multifaceted to cover all of your bases. Install and maintain reliable antivirus and malware blockers, and educate yourself and your users on industry best practices for data security.

To protect your business’s infrastructure from external threats, reach out to us at (770) 424-3393, and subscribe to our blog.

Comments

 
No comments yet
Already Registered? Login Here
Guest
Sunday, 25 September 2016
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Security Technology Best Practices Privacy Internet Microsoft Tip of the Week Business Management Managed Service Provider Software Cloud Workplace Tips Backup Saving Money Data Small Business Hardware Productivity Gadgets Hackers Mobile Office Business Computing Business Email Hosted Solutions Quick Tips Malware Google IT Services Social Media IT Support Virtualization Upgrade Mobile Devices Passwords Business Continuity Users Smartphones Microsoft Office Network Windows Disaster Recovery WiFi Server Innovation VoIP Miscellaneous Computer User Tips Communication Mobile Device Management Efficiency Mobile Computing Windows 10 Vendor Management Operating System Unified Threat Management Smartphone The Internet of Things Marketing BYOD Apps Holiday Remote Computing Health Analytics IT Consultant History Facebook Android Windows 8 Ransomware Bring Your Own Device Going Green Wireless Technology Apple Alert Content Filtering Information Technology Outlook Saving Time Big data Hard Drives Lithium-ion Battery Printer Network Security Office Tech Support Remote Monitoring Spam Data Management Firewall Save Money Collaboration Phishing Employer-Employee Relationship Gmail Hiring/Firing Best Practice Automation Computer Repair Search Proactive IT Computers Humor Browser Smart Phones Maintenance Bandwidth Tutorials Save Time Antivirus Current Events Intranet Business Intelligence Two-factor Authentication Money Wireless Mobile Device Running Cable iPhone Document Management User Error Hacking Phone System User Managed IT services Avoiding Downtime Router Fax Server Administration PowerPoint Help Desk Education Internet of Things Sports Excel Budget App Business Growth Documents Virus Encryption Retail Chrome Networking Website IBM End of Support Virtual Desktop Network Congestion Artificial Intelligence Experience Heating/Cooling Legal Thin Client Inbound Marketing Data storage Statistics Streaming Media Net Neutrality Flexibility Comanaged IT Safety Company Culture Office Tips Social Cost Management Computing Customer Service Downtime Pain Points Customer Relationship Management Printer Server Social Networking Government Digital Payment USB Recovery Bluetooth Cybercrime Laptop Password Computer Accessories Programming Gaming Console Hosted Solution Comparison Augmented Reality SaaS Cortana Presentation Text Messaging Risk Management VPN Black Market Compliance communications Human Resources Banking Read 3D Value Efeciency Monitors Keyboard Content Management Pirating Information Language Visible Light Communication Turn Key Google Wallet PDF Recycling Business Metrics Adroid Displays Shortcut Archive Troubleshooting Managed IT Advertising Drones Update Chromebook YouTube Domains Business Owner Video Surveillance Work/Life Balance Harddrive Adminstration Law Enforcement Online currency eWaste Trending Twitter Point of Sale Co-Managed IT Writing Outsourced IT Specifications Debate Unified Communications Staffing Environment Download switches Competition Office 365 Entertainment Lifestyle Paperless Office Analytic Permissions Leadership Google Docs Disaster Riske Management Digital Signature Regulations Application Identity Theft Solid State Drive Securty BDR File Sharing External Harddrive IT consulting DDoS Touchscreen Virtual Reality Society Micrsooft IT service Tablet Windows XP organize Computing Infrastructure Robot Webinar CIO LinkedIn Word Public Speaking Wearable Technology HIPAA Memory Skype Electronic Payment Mouse Wi-Fi Music Teamwork Upgrades Entrepreneur Operating Systerm Hacker Flash Processors Telephone Systems GPS Best Available Deep Learning IP Address Display Storage Ebay Settings LiFi Microserver

Mobile? Grab this Article!

QR-Code

Recent Comments

No comments yet.

Blog Archive