More than two-thirds of healthcare organizations have reported a significant data security breach within the last year. From Partners Healthcare in Boston to Anthem in Indianapolis, hackers have successfully found their way in, compromising millions of customers' personal identifiable information. However, as more and more healthcare information goes online, organizations shouldn't just be concerned about their traditional 'perimeter' security.
Greg Mancusi-Ungaro, CMO for BrandProtect in Toronto: Physicians are in the cybercrime crosshairs because their medical office management systems can be connected to both insurance and hospital networks. If a physician's devices are compromised, the bad guys have a fast path to the main repositories of health and personal data.
Patients are also targets for entry into health networks. For instance, as open enrollment for [exchanges under the Affordable Care Act] approaches next month, cybercriminals will be active, phishing new healthcare customers during the time when they are most concerned about getting their applications filed.
The cybercriminals will use convincing emails and counterfeit websites to create attacks on both of these parties that seemingly originate from hospitals, medical groups or insurers. In all cases, the approach will be the same: There is a problem, it needs to be fixed now, and it can be fixed immediately by clicking on the provided link. It only takes one compromised system to open the doors for a major breach.
Healthcare organizations' security departments should think of the aforementioned breaches as wake-up calls. If not done so already, implement external cyber threat monitoring. It's only with this vigilance that providers can detect malicious representations of their organization, and mitigate any and all potential risks to their brand, reputation and revenues.