There is little surprise to learn that cybercriminals are now focused at “healthcare IT infrastructure,…also connected medical devices, mobile computing devices used by medal staff and, most profitably, electronic health records (EHR) systems.” The July 12, 2016 DarkReading report entitled “Healthcare Hacks Face Critical Condition” referenced InfoArmor’s report “Healthcare under attack – CyberCriminals Target Medical Institutions” which included these observations:
…four attacks against US-based healthcare organizations, attackers in a theft campaign this spring were able to steal at least 600,000 detailed patient records and place 3 terabytes of associated data on the Dark Web’s black market.
These included MRI and X-ray images, patient-specific biometrics, and doctor’s treatment notes. In initial reports of the breaches that came to light last month, the threat actors themselves claimed they had access to millions of records, as well as persistent unauthorized access to medical organizations’ systems for ransomware distribution.
HIPAA “Covered Entities” need to be on high alert!