Daily Brief: 2017.2.24

THREAT ANALYSIS

Healthcare related data breaches

A new report, released by Accenture, has revealed that twenty-six percent of consumers in the United States have had their personal medical information stolen from healthcare information systems. Of those who experienced a breach, 50 percent were victims of medical identity theft and had to pay an average of $2,500 in out-of-pocket costs per incident.
(Sources: Healthcare IT News, Accenture) 

The study also revealed that 91 percent of the data-breach victims took some type of action. 25 percent changed healthcare providers, 21 percent changed insurance plans and 19 percent sought legal counsel. A further 29 percent changed login credentials, 24 percent subscribed to identity-protection services and 20 percent added security software to their computer. 
(Sources: Healthcare IT News, Accenture)

According to data released by the U.S. Department of Health and Human Services Office of Civil Rights, a total of 197,667 patient records have been impacted by 35 breaches so far in 2017. The largest data breach (75,000) was documented by Stephenville Medical & Surgical Clinic in January, followed by WellCare Health Plans, Inc. (24,809).
(Source: HHS)

ACTION STEPS

1. The lack of security awareness among employees is an organizations biggest risk. Therefore, organizations are encouraged to invest in the security awareness of your workforce.
2. Conduct more frequent vulnerability assessments and penetration testing. A monthly or quarterly test schedule is recommended.
3. Make sure all the software on your system is up to date. One of the most common infection vectors is a malicious exploit that leverage a software vulnerability. Keeping software up to date helps minimize the likelihood that your system has an exposed vulnerability on it.
   (Sources: Norton, Healthcare IT News)