BreachExchange mailing list archives

Top 6 Health Data Breaches for 2015 Involve Hacking


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 31 Mar 2015 19:52:47 -0600

http://healthitsecurity.com/2015/03/31/top-6-health-data-breaches-for-2015-involve-hacking/

We are just three months into 2015, and two large scale health data
breaches have already taken place. The Anthem data breach affected
approximately 78 million individuals, while Premera Blue Cross’ incident
could impact nearly 11 million members and applicants.

What do these two health data breaches have in common? Not only are
millions of individuals potentially affected, but each incident was caused
by a cyber attack. Both Anthem and Premera reported that a third party
inappropriately broke into a database that contained individuals’ sensitive
information – and in Premera’s case PHI as well.

A more disturbing fact is that, according to the Department of Health &
Human Services (HHS) Office for Civil Rights (OCR), the top six health data
breaches for this year so far are all caused by hacking or an “IT
incident.” While the Anthem and Premera breaches easily affect more
individuals than the next four attacks combined, it is interesting that
cyber attacks appear to be the culprit for all of them.

The top six breaches, followed by the date the breach was submitted to the
OCR, as of March 31, 2015 are as follows:

Anthem, Inc., March 13
Affected Individuals: 78.8 million

Premera Blue Cross, March 17
Affected Individuals: 11 million

Virginia Department of Medical Assistance Services (VA-DMAS), March 12
Affected Individuals: 697,586

Georgia Department of Community Health, March 2
Affected Individuals: 557,779

Georgia Department of Community Health, March 2
Affected Individuals: 355,127

Advantage Consolidated LLC, March 18
Affected Individuals: 151,626

Following the Anthem data breach, Jim Mapes, Chief Security Officer of
BestIT, said in an interview with HealthITSecurity.com that similar
healthcare data breaches were likely to continue. He added that it was not
surprising that an incident like that had happened in the first place.


However, security awareness and training throughout the entire healthcare
organization is going to be incredibly valuable in terms of prevention.

“Having an employee workforce that’s trained to understand that, and know
what suspicious activity is, then they know how to react to it,” Mapes
said. “That’s worth its weight in gold as far as prevention.”

Guy Delp, director of Cyber and Data Analytics at Lockheed Martin, also
discussed the importance of not only training employees, but ensuring that
the right employees are put into place to help prevent cybersecurity issues.

“We believe that many organizations don’t feel confident in their
cybersecurity measures because they lack the proper funding and staffing to
identify and manage attacks,” Delp said, citing results from a Lockheed
Martin cybersecurity survey. “Fifty-six percent of respondents felt that
they didn’t have expert personnel. This tells us that organization leaders
need to allocate more funding to building up their cybersecurity defense
structure and also hire or train additional cyber experts to protect their
networks.”

Healthcare organizations might not be able to prevent every third-party
cyberattack, but it is essential to be able to detect an issue and then
immediately notify the authorities and individuals should an incident
occur. We have nine more months to go still in 2015, and will hopefully not
continue on the current path of having large scale data breaches.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/