What healthcare companies can learn from Anthem’s data breach
If you’ve followed the news behind Sony, JP Morgan and other highly publicized breaches, you’ll notice that this latest Anthem breach follows a very familiar trend. Corporate IT systems are fighting a losing battle against today’s hackers.
Unfortunately, when it comes to data breaches and cyberattacks, healthcare organizations are a prime target. Why healthcare systems? A few reasons: (1) many healthcare providers continue to maintain an IT infrastructure that is old and inadequate, (2) shrinking IT staff combined with end of life equipment exposes vulnerabilities and (3) budgetary limitations create IT constraints. According to the Identity Theft Resources Center, attacks on hospitals and other healthcare organizations accounted for 42.5% of all major data breaches in 2014 – and that number is only expected to grow.
So, how do healthcare companies stay protected? So where does that leave smaller healthcare organizations that don’t have massive resources dedicated to protecting against these sophisticated cyberattacks? Luckily, there’s a silver lining. Even if you’re a small organization, you can still have access to enterprise-class security tools to protect your data. It’s also worth noting that the target in this most recent attack appears to be identities (name, SSN, DOB, email), not medical history, making this relevant for any organization that stores information regarding their customers’ identities. Here are the primary attack vehicles that have been reported and what you can do to safeguard against them:
- Stop them from phishing for a back door. In the past, users could avoid phishing scams by simply checking the destination of links before clicking them, or only opening links sent from known sources. Unfortunately, today’s phishing attacks are much more sophisticated. McAfee ClickProtect helps solve this problem. Included as part of Terra Nova’s McAfee Advanced Email Protection, ClickProtect keeps users safe from phishing by scanning links twice — first, at the moment when the email reaches the server; and second, at the moment the user clicks the link.
- Add an additional layer of security for logins. Even if your login credentials are stolen, having another layer of ID verification can help prevent against unauthorized access. This is where two-factor authentication (2FA) comes into play. With 2FA, users are required to successfully pass a second identify verification test to login, usually in the form of a code that’s generated through a text or within an app. This makes it much harder for an attacker to be successful. Intermedia provides this for our customers through Intermedia AppID™.
- Encrypt important information. Scrambling sensitive data is the next option, so that reading the data should require having a different (and additional) set of authentication credentials. In the case of Anthem, patient info was stored in a database, which can have its own encryption mechanisms. But other files can also be encrypted with disk, device or application passwords. Terra Nova’s provides several encryption mechanisms, including secure (encrypted) file sharing and encrypted email to protect transmitted documents.
Discover how our healthcare solutions can help safeguard your company against potential breaches, or give us a call at 770.788.8089 to learn more.