News Feature | February 21, 2014

HIT Security Compromised At 'Alarming' Frequency

Source: Health IT Outcomes
Katie Wike

By Katie Wike, contributing writer

Report finds networks and devices at 375 U.S. healthcare facilities were compromised during study; many still are

Norse, a provider of live threat intelligence-based security solutions, and SANS, a source for information security training, certification, and research, have released the results of a study showing healthcare’s “critical information assets are poorly protected and are often compromised.”

A press release further explains, “The report reveals that the networks and Internet-connected devices of organizations in virtually every healthcare category — from hospitals to insurance carriers to pharmaceutical companies — have been and continue to be compromised by successful attacks.

“A network compromise often leads to a data breach, potentially exposing the personally identifiable information of millions of consumers as well as the organization's own intellectual property and billing systems. In addition, these compromised networks allow cybercriminals to use the organization's network infrastructure and devices to launch attacks on other networks and to execute billions of dollars worth of fraudulent transactions.”

The study took place over 13 months, concluding October 2013, and revealed the following:

  • 49,917 unique events of a malicious nature took place
  • networks and devices at 375 U.S.-based healthcare-related organizations were compromised during this period, and some of them are still compromised
  • compromised devices included everything from radiology imaging software, to firewalls, to Web cameras, to mail servers
  • a significant number of compromises came about due to very basic issues such as not changing default credentials on firewalls

Barbara Filkins, Senior SANS Analyst and Healthcare Specialist, says, “This level of compromise and control could easily lead to a wide range of criminal activities that are currently not being detected. For example, hackers can engage in widespread theft of patient information that includes everything from medical conditions to social security numbers to home addresses, and they can even manipulate medical devices used to administer critical care."

"What SANS and Norse have uncovered in this report is, in a word, alarming," stated Sam Glines, CEO of Norse. "The sheer number of attacks being perpetrated against healthcare organizations is overwhelming, while the defenses in place are not nearly enough to neutralize them. So although the healthcare industry continues to search for ways to protect its data, many organizations are still not able to properly safeguard critical data, and both companies and consumers are paying the price."

Want to publish your opinion?
Contact us to become part of our Editorial Community.