BreachExchange mailing list archives
Top 6 Health Data Breaches for 2015 Involve Hacking
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 31 Mar 2015 19:52:47 -0600
http://healthitsecurity.com/2015/03/31/top-6-health-data-breaches-for-2015-involve-hacking/ We are just three months into 2015, and two large scale health data breaches have already taken place. The Anthem data breach affected approximately 78 million individuals, while Premera Blue Cross’ incident could impact nearly 11 million members and applicants. What do these two health data breaches have in common? Not only are millions of individuals potentially affected, but each incident was caused by a cyber attack. Both Anthem and Premera reported that a third-party inappropriately broke into a database that contained individuals’ sensitive information – and in Premera’s case PHI as well. A more disturbing fact, is that according to the Department of Health & Human Services (HHS) Office for Civil Rights (OCR), the top six health data breaches for this year so far are all caused by hacking or an “IT incident.” While the Anthem and Premera breaches easily affect more individuals than the next four attacks combined, it is interesting that cyber attacks appear to be the culprit for all of them. The top six breaches, followed by the date the breach was submitted to the OCR, as of March 31, 2015 are as follows: Anthem, Inc. March 13 Affected Individuals: 78.8 million Premera Blue Cross, March 17 Affected Individuals: 11 million Virginia Department of Medical Assistance Services (VA-DMAS), March 12 Affected Individuals: 697,586 Georgia Department of Community Health, March 2 Affected Individuals: 557,779 Georgia Department of Community Health, March 2 Affected Individuals: 355,127 Advantage Consolidated LLC, March 18 Affected Individuals: 151,626 Following the Anthem data breach, Jim Mapes, Chief Security Officer of BestIT said in an interview with HealthITSecurity.com that similar healthcare data breaches were likely to continue. He added that it was not surprising that an incident like that had happened in the first place. However, security awareness and training throughout the entire healthcare organization is going to be incredibly valuable in terms of prevention. “Having an employee workforce that’s trained to understand that, and know what suspicious activity is, then they know how to react to it,” Mapes said. “That’s worth its weight in gold as far as prevention.” Guy Delp, director of Cyber and Data Analytics at Lockheed Martin, also discussed the importance of not only training employees, but ensuring that the right employees are put into place to help prevent cybersecurity issues. “We believe that many organizations don’t feel confident in their cybersecurity measures because they lack the proper funding and staffing to identify and manage attacks,” Delp said, citing results from a Lockheed Martin cybersecurity survey. “Fifty-six percent of respondents felt that they didn’t’ have expert personnel. This tells us that organization leaders need to allocate more funding to building up their cybersecurity defense structure and also hire or train additional cyber experts to protect their networks.” Healthcare organizations might not be able to prevent every third-party cyberattack, but it is essential to be able to detect an issue and then immediately notify the authorities and individuals should an incident occur. We have nine more months to go still in 2015, and will hopefully not continue on the current path of having large scale data breaches.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Top 6 Health Data Breaches for 2015 Involve Hacking Audrey McNeil (Apr 07)