Security “Blues” Play Again for Healthcare
In the wake of a second massive cyber attack and personal information breach by another Blue Cross Blue Shield health insurance company, healthcare organizations all over the country are scrambling to put systems in place to make sure that the do not fall victim to the same fate. The first security breach 6 weeks ago by Anthem Blue Cross has compromised the personal information of over 80 million of current and former customers and employees from as far back as 2004 – including the records of Anthem CEO and president, Joseph Swedish. The second breach announced this week by Premera Blue Cross includes personal data of over 10 million more individuals. The as-yet-unidentified hackers were able to access a multitude of information, including names, addresses, birth dates, email addresses, Social Security numbers, Medicare numbers and employment information, such as income data. The news of these breaches was announced recently, but the hackers had been in Anthem’s and Premera’s systems, undetected, for months.
Protect Yourself from Security Breaches in Your Healthcare Organization
A security breach of this magnitude is unprecedented. We’re only a couple months into 2015 and the Anthem breach alone easily eclipses the health data breaches over the last 5 years ‒ combined. “We are just hitting the tip of the iceberg now.” says qliqSOFT CEO Krishna Kurapati, “The Cloud, as convenient as it is, also is very vulnerable. The chain of trust and the chain of making sure that the data is secure is not easy for organizations. The inter-connectivity of the health systems exacerbates the problem.” Over the last couple years alone, we’ve seen big companies like Sony, Home Depot, and Target become victims of these large-scale cyber attacks – but this Anthem and Premera breaches are a different breed of security issue, and has different implications for the industry.
Unfortunately, the Cloud is only one of the elements that make healthcare organizations such a big target for this caliber of cyber attacks. “It is an age old fact – motive, means and vulnerability – are the three main things that drive this kind of theft.” Healthcare is a perfect storm of these components: massive troves of extremely valuable data, ripe for the picking (and selling) if the hackers are willing to work at it. Social security numbers and Medicare numbers are like gold to hackers, because unlike payment-card numbers, which are unusable once banks find they’re being used for fraud, these numbers are ubiquitous and hard to change. They are the main mode of authentication for many essential services, especially ones that have to do with the government, and they are very often used as the primary means of identification for patients.
Cyber Attacks Targeting Healthcare Companies
With that in mind, it’s no surprise that healthcare companies saw a 72 percent increase in cyber attacks from 2013 to 2014, according to the security firm Symantec. “The higher the bounty, the hackers will get more serious and try to find whatever means to get to it,” Kurapati says, “So in Cloud system, you always want to try to figure out a way to either make the perimeter highly secure, and/or try to make the bounty less valuable to people.”
So this begs the question: how can other healthcare organizations do that? Anthem is the second largest insurer in the country with hundreds of IT people and dozens of dedicated security folks looking around and making sure that things don’t leak, but even then, the hackers could get through. “Awareness has gone up, but the thing is – how do we deal with more and more data being in the Cloud with electronic medical records, health information, etc.? The value is high and the number of places you can get into is huge – for Anthem or any small organization. It isn’t the size of the organization that determines whether or not they’re going to be attacked – it’s what they have, and the number of points of access is huge. My guess is there will be more and more hacks into data. If I can get that information for thousands of dollars in the black market, I think there is huge value for the hackers to get the data.” The unfortunate truth is that where there are things of value, there will be people trying to steal it. The only viable way to avoid these situations is to do the best job possible of diminishing the key drivers that lead to hacking in the first place: motive, means and vulnerability.
Facilitating the Implementation of a Secure Method of Communication
That’s where qliqSOFT can have an impact. By facilitating an easy and secure method of communication within healthcare organizations, Kurapati hopes to play a role in preventing these kinds of breaches. “We provide security in communicating the patient information. By encrypting and limiting the accessibility of data at rest and in transit particularly on smartphones and in the Cloud, we minimize the risk of a breach.” qliqSOFT’s strong point is that it directly addresses and diverts the three key drivers for cyber theft – motive, means, and vulnerability – thereby provides a robust secure texting service for all healthcare professionals.
Healthcare does not have a history of large-scale data breaches, but unfortunately, it’s becoming that. The records are valuable as you can do more with them for long period of time. While it seems like the methods in these particular attacks may have been specifically targeted at Anthem and Premera, it is likely that this is merely the beginning of similar breaches in the industry. At this moment, healthcare needs to come to terms with the fact that it is absolutely a target for cyber criminals, and lay down a security framework that makes them less vulnerable to these attacks.