IT@HEALTHCARE I N T E R V I E W
Important medical devices are almost never updated with the latest security patches One medical record is 10 times the value of credit card details in the underground market. This makes data breaches and medical identity theft a worrisome issue for both hospitals and patients. Atul Anchan, Director, Systems Engineering, India, Symantec tells Viveka Roychowdhury what makes this sector so vulnerable and outlines some cyber security strategies
Symantec’s Internet Security Threat Report (ISTR) Vol. 21 highlighted that globally, the largest number of breaches took place within the health
36
EXPRESS HEALTHCARE
January 2017
services sub-sector, which actually comprised 39 per cent of all breaches in 2015. Why is this sector so vulnerable to such attacks?
The healthcare industry is going digital with massive amounts of patient data stored and shared among organisations. But the bad news
is that attackers now target this sensitive and often personal information. According to the Symantec’s Internet Security Threat Report 2016 (ISTR), 78
million patient records were exposed last year in a major data breach at Anthem, the second largest healthcare provider in the US. This is no big surprise given that huge volumes of marketable and sellable data, lagging security, remote services, medical devices, special requirements to share and protect personal data. With the growing complexities of attacks, and interest of cyber criminals, security is slowly becoming the most top concern for the healthcare industry worldwide. Recently, Symantec also highlighted that the healthcare industry is vulnerable to attacks such as Gatak Trojan. The majority of Gatak infections (62 per cent) occur on enterprise computers. Analysis of recent enterprise attacks indicates that the healthcare sector is by far the most affected by Gatak. Of the top 20 most affected organisations (organisations with the most infected computers), 40 per cent were in the healthcare sector. In the past, the insurance sector was also heavily targeted by the group. How does the attack occur?