Healthcare: A Target That’s Only Getting Bigger
Health Records: An Attacker’s Treasure Chest
Industry consultancies believe that cyberattacks will cost healthcare organizations more than $305 billion over the next five years and that one in 13 patients will have their private medical data stolen or held for ransom.
Stolen healthcare data can be used to perpetrate medical insurance fraud and to extort money from businesses and individuals, as well as to conduct more “traditional” financial crimes like identity theft or holding encrypted patient records for ransom.
Because medical records include such a rich variety of personal data, they have a resale value on the black market that is more than 10 to 20 times the value of a credit card number.
The combined effect of such a rich target of opportunity and the long-term viability of the personal information guarantees that health care organizations, and the businesses that support them, will continue to be high-value targets of cybercriminals for the foreseeable future.
The High Cost Of HIPAA
In an effort to mitigate risks to healthcare information, the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA), which provides strict guidelines designed to protect the privacy of individually identifiable health information.
These rules don’t specify solutions, but rather focus on capabilities including administrative, physical, and technical safeguards surrounding the use and storage of Protected Healthcare Information (PHI).
Some of the Technical Safeguards Include:
Policies and procedures in place to only allow access to persons or programs.
Ensure data has not been “altered or destroyed in an unauthorized manner.”
Ability to “record and examine activity in information systems that contain or use electronic health information.”
When a healthcare organization is breached, they are required by law to provide full disclosure about the attack and are subject to penalties. If it is found that they violated HIPAA rules set forth by the U.S. Department of Health and Human Services (HHS), they can be penalized.
To date, the HHS has investigated more than 19,000 cases and levied more than $25 million in fines.
enSilo – Helping Healthcare Organizations Protect Information
enSilo is a real-time endpoint security platform that ensures healthcare organizations effectively protect the privacy and integrity of sensitive data in their environment and prevent any unauthorized use.
Here’s how it can help satisfy HIPAA’s technical safeguards around:
enSilo can identify and block any malicious, unauthorized outbound communication attempts.
Prevents the malicious encryption, deletion, or modification of PHI data.
Accurate alerts that identify a violation and pinpoint which systems are impacted.
How enSilo Works
enSilo stops data from being altered (encrypted), deleted, or stolen while also enabling legitimate operations to continue unaffected. The platform shuts down any malicious or unauthorized activity performed by a threat actor, while allowing business operations to continue as normal.
Because enSilo only looks at the processes involved and the communication mechanisms within the information systems – not the actual data – it maintains the privacy of the information.
enSilo Benefits for the Healthcare Industry
enSilo prevents data theft
Compliance with HIPAA
enSilo helps organizations address pertinent HIPAA requirements
Accurate identification of attack activity targeting healthcare information systems and forensics information
Health information systems continue operating even when infected with advanced malware.