Network and Data Security Breaches Are Rising Exponentially
IIn today’s environment of massive data security breaches organizations more than ever need to deploy a defense in depth.
Firewalls no longer are enough to keep hackers out and prevent breaches. Threats can emanate from all directions, and often the first foothold an attacker can get is on a common desktop or laptop of an unsuspecting person who opens an e-mail attachment or visits a malicious website. Defending these systems is hard, but must be attempted. However, in the face of much evidence these systems will remain vulnerable and continue to be the source of many breaches. It is what happens next that must be considered and prepared for.
After the initial successful breach, the goal of an attacker will be to widen their foothold in an organization until they have compromised the valued data, or have control over the valued systems. Attackers spread themselves through additional systems through lateral attacks, jumping from one machine to the next until they can reach their goal. Each step is an opportunity to prevent or detect the attack, or prevent or detect the next attack.
For these reasons layers of security are required to find and prevent each link in the chain of attack. Continue reading
More than 720 data breaches occurred this year, and the top seven cyberattacks alone have left more than 193 million personal records open to fraud and identity theft, according to 10Fold Communcations.
Of the seven, the healthcare industry has the dubious honor of three top spots, with the Anthem breach leading the pack.
“Our research indicates that cybercriminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can’t be reissued like a credit card,” Angela Griffo, vice president of 10Fold’s security practice, said in a press statement.
One of the reasons healthcare organizations face this challenge is the difficult balancing act when it comes to managing electronic medical records. Doctors, nurses and other caregivers as well as patients need online access to information to collaborate on care services. On the other hand, that same information must be protected from unauthorized access and data theft.
So in this battle of accessibility vs. vulnerability, how can internal IT teams strike the proper balance?
More than 10 million records were exposed in a data breach of health insurer Excellus BlueCross BlueShield and a partner company. That’s only a fraction of the size of a similar hack earlier this year, but it raises the question, “Again?”
The hack of Rochester, New York-based Excellus follows not just the breach of about 80 million health records from Anthem in January, but several smaller attacks against health care databases in California and New York. In July, the UCLA Health System announced hackers had accessed 4.5 million of its patient records. In June, an employee of a hospital called Montefiore Medical Center in New York was indicted for helping to steal 12,000 health care records.