Tuesday, 26 May 2015

Hacker Attacks

The recently revealed breach of a database at CareFirst BlueCross BlueShield containing information on more than 1.1 million individuals is the latest evidence that hackers are targeting health insurers, and especially Blue Cross and Blue Shield organizations, for the vast amount of protected health information they hold. Security experts warn, however, that other types of organizations, including health information exchanges and large integrated delivery systems, as well as hospitals with electronic health records systems, could be the next targets.

Health insurers "are known to have very large databases of rich personal data that can be sold for identity theft purposes and fraud," says privacy and security expert Kate Borten, founder of The Marblehead Group consultancy. "Midsize and large healthcare provider organizations should also be on high alert for the same reason."

Baltimore-based CareFirst BlueCross BlueShield disclosed on May 20 that an "unauthorized intrusion" into a database dating back to June 2014 resulted in a breach affecting 1.1 million individuals. Other Blues plans that have recently reported cyber-attacks are Anthem Inc., which says its breach impacted 78.8 million individuals, and Premera Blue Cross, which says 11 million were affected by its hacking incident.

Other Targets

Katherine Keefe, who heads breach response at the cyber-insurance company Beazley plc, predicts that health information exchange organizations, due to the large volume of data they handle, as well as electronic health record systems at hospitals, which are often configured to provide easy access to harried clinicians in healthcare settings, could be the next targets for hackers.

"The goal of EHRs in a hospital setting is to help make clinical decision-making more efficient and effective, and provide access to clinicians who need this information quickly," she says. Also, role-based access controls, advanced authentication, and encryption aren't typically part of the equation for many of these systems, she says. "That technology is perceived to slow down access for clinicians, who'd rather err on the side of good clinical decisions," rather than worry about data breaches, she adds.

M&A Risks?

One reason why health insurers have proven to be prime targets for hackers, Keefe says, is that many of these companies have grown rapidly through mergers and acquisitions, with a patchwork of systems and security practices and "treasure troves" of data.

That's also true for many large integrated healthcare delivery systems, she adds. "There's been a lot of consolidation in the healthcare industry," she notes. For instance, Community Health System, a provider organization that last August revealed a hacker breach affecting 4.5 million individuals, has also grown in recent years through mergers and acquisitions, she says.

Meanwhile, some health insurers also boast about the tens of millions of enrollees they cover, which also catches the attention of cybercriminals, Keefe says. "It's like saying, 'come and get us,'" she says. Data security needs to be "more front and center" at many healthcare organizations, she stresses.

While Blue Cross and Blue Shield affiliates, such as Anthem and Premera Blue Cross, are independent companies, they are linked together through the Blue Card program, in which these plans process each other's members' insurance claims, Keefe says.

"The Blue Cross Blue Shield network is simply so large that they are a 'rich' environment filled with some of the most valuable data when it comes to identity theft," says Brad Cyprus, chief of security and compliance at Netsurion, a provider of cloud-based services. "It is also possible that by being one of their affiliates, there is some common technology that has an issue that has not been identified or fixed.
