A partner account manager can help. Contact us today.
This year, Reuters reported that the FBI released a private notice to the healthcare industry warning providers that their cyber security systems are lax compared to other sectors. According to the Ponemon Institute, 72 % of healthcare organizations say they are only somewhat confident (32 %) or not confident (40 %) in the security and privacy of patient data shared on HIEs. Personal information found in healthcare records fetches hefty sums on underground markets, making any company that stores such data a very attractive target for attackers. This data includes names, Social Security Numbers, birth dates, telephone numbers, member identification numbers, e-mail addresses, and mailing addresses. In the Premera breach, claim information, including clinical information, was also allegedly affected.
There are so many ways to use monetize medical data. For example, Social Security Numbers and mailing addresses can be used to apply for credit cards or get around corporate antifraud measures. This could explain why attackers have recently targeted U.S. health insurance providers. On March 17, 2015, Premera Blue Cross disclosed that the personal details of 11 million customers had been exposed in a hack that was discovered in January. In February, Anthem, another health insurance provider, said that 78.8 million customer and employee records were accessed in an attack. Credentials that include Social Security Numbers can sell for a couple hundred dollars since the data's lifetime is much longer compared to pilfered credit card numbers. Since typical targets such as Finance and Retail became much stronger against cyber attacks as they have been targets for decades, the Healthcare industry is now much less secured and more profitable. For example, the medical claim information that attackers in the Premera breach had access to could be used to blackmail victims as well (according to Jeff Schmidt, CEO of IT security firm JAS Global Advisors). Attackers could look for sensitive clinical data, like poor test results, and e-mail patients threatening to make that information public unless they pay a ransom.
We expect healthcare breaches will increase. Healthcare organizations face the challenge of securing a significant amount of sensitive information stored in their network, which combined with the value of a medical identity string makes them an attractive target for cyber criminals.
Monetizing medical data is becoming the next revenue stream for hackers.
- Fred O'Connor, IDG News Service,
20 March 2015
If your company is from the Healthcare industry, we can help you secure your ERP systems and mission-critical applications. ERPScan, the multi-layer security monitoring suite for SAP and Oracle applications, takes care about business and technical layers, controls security settings in various systems, and analyzes them according to compliance guidelines. ERPScan enables companies to address specific Healthcare industry challenges and significantly reduce the costs of compliance. Using ERPScan's preconfigured templates for SAP's Healthcare module, companies assess their systems and monitor weak areas on a scheduled basis with any level of detail. ERPScan Security Monitoring Suite contains a library of 120+ rules for specific access control checks in SAP systems.
We have preconfigured and customizable templates to check security regarding SAP's recommendations for the Healthcare industry (120+ unique security checks).
ERPScan Security Monitoring Suite for SAP was awarded the Best Solution for Healthcare Industry at Hot Companies and Best Products Awards 2015 and distinguished in IT Products and Services For Enterprise at Hot Companies and Best Products Awards 2014 along with 25+ various other awards.
Hackers will go after anyone with health care information.
- John Pescatore, director of emerging
security trends at the SANS Institute