Daily Brief: 2017.2.24
THREAT ANALYSIS
Healthcare related data breaches
A new report, released by Accenture, has revealed that twenty-six percent of consumers in the United States have had their personal medical information stolen from healthcare information systems. Of those who experienced a breach, 50 percent were victims of medical identity theft and had to pay an average of $2,500 in out-of-pocket costs per incident.
(Sources: Healthcare IT News, Accenture)
The study also revealed that 91 percent of the data-breach victims took some type of action. 25 percent changed healthcare providers, 21 percent changed insurance plans and 19 percent sought legal counsel. A further 29 percent changed login credentials, 24 percent subscribed to identity-protection services and 20 percent added security software to their computer.
(Sources: Healthcare IT News, Accenture)
According to data released by the U.S. Department of Health and Human Services Office of Civil Rights, a total of 197,667 patient records have been impacted by 35 breaches so far in 2017. The largest data breach (75,000) was documented by Stephenville Medical & Surgical Clinic in January, followed by WellCare Health Plans, Inc. (24,809).
(Source: HHS)
ACTION STEPS
- The lack of security awareness among employees is an organizations biggest risk. Therefore, organizations are encouraged to invest in the security awareness of your workforce.
- Conduct more frequent vulnerability assessments and penetration testing. A monthly or quarterly test schedule is recommended.
- Make sure all the software on your system is up to date. One of the most common infection vectors is a malicious exploit that leverage a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
(Sources: Norton, Healthcare IT News)