CYBERCRIME AND THE
HEALTHCARE INDUSTRY

Executive Summary
Healthcare professionals are in a tight spot. As administrative technologies like Electronic
Health Records (EHRs) and patient and provider portals become standard issue in healthcare
organizations, the access to data and information so strongly demanded by patients,
providers, payers, and employees is also fast becoming a target of scrutiny and risk.
Regulations such as the Health Insurance Portability and Accountability Act (HIPAA)
require healthcare organizations to implement administrative, physical and technical
safeguards to ensure the integrity and privacy of patient records and other sensitive
medical data. Despite increased protection, healthcare organizations are a target for
cybercriminals because of the wealth of personal data they collect that can be monetized.
The question is whether regulations alone will be enough to halt the hard reality of a
successful cybercriminal network turning its attentions to the healthcare industry.
These breaches can have dire implications for those whose records were breached.
According to Javelin Strategy and Research, the correlation between receiving a data
breach notification and being a victim of fraud is one in four – significantly up from one
in nine that Javelin identified in 2010.[1]
So why is the data that is available in healthcare records so valuable to a cybercriminal?
First, the theft of credit card and account data has a limited lifespan; it is useful only until
the victim cancels the card numbers and accounts, whereas the information contained in
medical records has much broader utility, can be used to commit multiple types of fraud
or identity theft, and does not change, even if compromised.
Second, the value of personal data to a cybercriminal is much higher than a credit card or
bank account number. For example, the average selling price for a U.S. credit card in the
underground is $1 USD. However, when that single card is sold as part of a “fullz,” or full
identity profile, the cost increases dramatically to around $500, with health insurance
credentials adding an additional $20 each. Health insurance credentials are especially
valuable in today’s economy, where skyrocketing healthcare costs are driving some to
seek free medical care with these credentials.[2]

[1] https://www.javelinstrategy.com/blog/2013/04/28 financial-pain-ensues-when-custodians-of-healthfail-to-be-good-stewards-of-privacy/

White Paper

[2] http://www.darkreading.com/attacks-breaches/hackers-hawk-stolen-health-insurance-inf/240158396/?nomobile=1
Healthcare and other organizations are at a disadvantage when it comes to addressing
the threat of cyber attacks. For one, financial services and retail organizations have been
the traditional targets of criminals and as a result have developed more experience and
insight mitigating the risk posed by cyber threats.
Healthcare organizations need to quickly learn the hard lessons that financial services
and retail organizations have learned over the last few years. When TJX Cos. experienced
its massive data breach in which a hacker stole 45.6 million credit card numbers over a
two-year period, the company had to set aside a $178 million cash reserve to
compensate victims, and as recently as July 2010, settled an investor lawsuit that cost
the company more than half a million dollars.
Are healthcare organizations willing or able to bear the same costs?

The Rise of Underground Cybercrime Networks
For at least eight years, a vast underground network of cybercriminals has been growing
in size and sophistication. Employing ingenious strategies and complex technological
capabilities, they have been preying on financial services and retail organizations and
their customers to steal account numbers, credit card numbers, personally identifiable
information (PII), and other data that they can use to commit fraud, identity theft, or sell
that data to other criminals in a thriving black market.
The once-popular hacker stereotype of a lone, alienated techno-nerd breaking into an
organization’s systems for fun has given way to a truly frightening reality of coordinated
groups of innovative cybercriminals who collaborate, facilitate and strike aggressively.
They rely on a range of advanced cyber-attack methods and social engineering techniques
to steal sensitive data and then cash out in the real world, or in the same underground
market where demand is well-publicized and fraudsters are well compensated.
While cybercriminals have greatly evolved their methods and grown their networks to
attack financial services and retail organizations, working around security measures that
have been implemented through the years, no such gradual escalation is required when
targeting new industries such as healthcare. The infrastructure exists and the methods
are proven – and they are gradually being trained on new targets.

Electronic Healthcare Data Creates New Risks
The emergence of Electronic Health Records (EHR) and healthcare portals for patients and
providers has made it easier to access and share medical information. While such access
is necessary for improving patient care and safety – not to mention empowering patients
and their families to make more informed decisions about care – it also makes it easier
for cybercriminals to gain access to healthcare data and other personal information.
EHRs and healthcare portals contain massive amounts of PII, including dates of birth and
Social Security numbers, as well as sensitive information about medical diagnoses and
treatments whose exposure would violate patients’ privacy. And for those that enable payment of medical
bills and other account management services online, there is also the prospect of gaining
access to financial data.

[3] http://www.idtheftcenter.org/ITRC%20Breach%20Stats%20Report%202013.pdf

“Hello, this is the voicemail of
Healthcare Company ABC. If you
are calling regarding an email you
received indicating something about
a complaint against you, please be
advised that we did not send you that
email. It is a fraud, scamming-type of
malicious email and the attachment
does contain a Trojan virus. Please do
not open the attachment and delete the
email from your system immediately.”
This is an actual message that was
left on the voice mail of an employee
at a large healthcare association that
was targeted by cybercriminals. In the
attack, potential victims received a
phishing email appearing to be from
the healthcare company that cited a
complaint had been filed against
them and directed the user to open
the attachment within the email for
more details. Once the user clicked
on the attachment, a Trojan virus
was installed on their computer.
The double use of phishing and
malware within the same cyber attack
is not new. However, it is a popular
method being used by cybercriminals
today to propagate malware, and they
are using social engineering scams
outside of the traditional phishing
email that appears to be from a
victim’s financial institution.
Increasingly, RSA has witnessed brands
across industries such as healthcare,
government, education and oil and gas
being exploited to serve as the face for
these types of attacks.

With the pervasiveness of information being made available electronically, healthcare
organizations are increasingly attracting cybercriminals. As of June 2013, 45.2% of breaches
identified by the Identity Theft Resource Center were in the medical/healthcare industry – in
the first half of 2013 over two million records were compromised, representing 31.2% of all
breaches. Healthcare was second only to business as far as number of breaches identified.[3]
Certainly, the number of healthcare breaches is expected to grow.
Why? There are numerous reasons. For one, it pays. The World Privacy Forum has reported
that the street cost for stolen medical information is $50, versus $1 for a stolen Social
Security number. The average payout for a medical identity theft is $20,000, compared
to $2,000 for a regular identity theft.
Second, it is harder to detect. Medical information fraud takes more than twice as
long to identify as compared to regular identity theft[4]. Simply put, victims can close a
compromised bank account, but they can’t delete or change their personal information,
medical records or history of prescription use.

Healthcare Data for Sale in the Underground
Cybercrime in the healthcare industry is particularly heinous because the cybercriminals
target not just consumer data but also information from healthcare providers, insurers,
and pharmaceutical manufacturers and distributors. Using phishing, Trojans, and other
malware infections, fraudsters target internal systems as well as connections to the
systems from outside the healthcare organization. Once they get in, there are many
ways to profit from the stolen information.
Those who have no way or knowledge to use the information for their own illicit
purposes, sell it. And when they do, they sell the same database to an average of 8
different criminals.
Figure 1 shows an example of the increasing value of healthcare information in the
criminal underground. In this case, a cybercriminal is trying to sell data on individual
medical claims. The wealth of information shown for sale here is rather alarming – from
personally identifiable information to medical history information including illnesses
and diagnoses.

Figure 1: A post in the underground
seeking buyers for the medical
records of over 6,500 patients

[4] Javelin Strategy & Research

Those who do have a crime scene in mind, act on it. For example, one of the ways in
which cybercriminals are committing healthcare fraud is by filing false patient claims to
insurers and government agencies that provide health services. With access to data
contained within EHRs, a fraudster can use that information to bill for services that were
never rendered. Figure 2 shows a cybercriminal seeking someone with access to
information from healthcare or insurance providers and samples of completed medical
claim forms to exploit for this purpose.
Figure 2: A cybercriminal seeking data
that will enable him to file false
medical claims

There is also a growing demand for pharmaceutical data in the underground. Cybercriminals
can use this data to order prescriptions at multiple pharmacies and then attempt to resell
the medicine online. Criminals can also buy prescriptions with another person’s account
and reroute it to be delivered to the wrong place. Physicians’ information is also valuable to
cybercriminals because they can use it to write fake prescriptions to facilitate schemes
involving the purchase and resale of prescription drugs.
Consumers of healthcare services are also affected in many ways by having their medical
records exposed or breached. Some of the risks they face include:
–– Personal data being used by criminals to open new credit accounts in their name
–– Being wrongly accused of abusing medical services due to criminals filing false
medical claims using their information
–– Threatened with blackmail or extortion from criminals threatening to expose sensitive
medical or health details (while no cases of blackmail have yet been reported with
consumers of healthcare services, cybercriminals who had stolen 8.3 million patient
records from the Virginia Prescription Monitoring Program demanded a $10 million
ransom – this could certainly happen with the medical information of high-earning
individuals)

The Threats and Challenges Healthcare Organizations Face
The harvesting of healthcare data by cybercriminals is both intentional and inadvertent.
Intentional incidents are evident by the sheer number of data breaches targeting
healthcare organizations as well as the estimated 250,000 to 500,000 medical identity
thefts that take place each year[5]. Inadvertent losses are a result of the rapid proliferation
of Trojans and malware that seek to steal financial data yet unintentionally collect other
information such as login credentials to online healthcare portals.
Essentially, the push to share and exchange medical information electronically is opening
the door for healthcare organizations to become a target of cybercrime. The same cyber
threats that have been used by criminals to attack financial institutions for years –
including phishing, Trojans, malware, drive-by downloads, and other schemes – are now
being leveraged to target users of healthcare portals. The types of healthcare data being
collected and the ways criminals are attempting to monetize it are still evolving. But that
still does not diminish the need for those who operate within the healthcare realm to
recognize the impact cybercrime could have on their organization.

[5] World Privacy Forum

The challenges facing healthcare organizations are many, both in terms of the range of
security risks posed by cybercrime and introducing and educating on the threat within
a culture that has not traditionally had to accommodate such imperatives. Security risks
and issues that need to be addressed within the healthcare industry as they push out
more information online include:
–– Securing enrollment to ensure that first-time users to a portal are who they say they
are before granting access to various applications
–– Securing access to online portals to prevent the loss of patient’s personal and
healthcare information
–– Securing access for physicians to clinical applications that contain patient data
–– Securing access for payees and other third parties to sensitive data required to
perform their job
–– Securing the web session both before and after login
–– Educating employees on the risks of phishing and malware

Driving Adoption of Healthcare Portals
Healthcare portals are destined to become more prevalent especially in light of
Meaningful Use requirements around EHR adoption. Stage 2 Meaningful Use Core
Measures requires eligible healthcare providers to “Provide patients the ability to view
online, download and transmit” health information. This objective is one of 16 (for
hospitals) or 17 (for eligible professionals) that healthcare providers must meet in order
to be eligible for incentives tied to EHR adoption. Providers who cannot demonstrate
compliance with these objectives are ineligible for reimbursement.
A primary challenge of implementing stronger security within any online application is
usability. One of the major goals of migrating patient services to the online channel is to
provide easy and convenient access to data for all users within the healthcare ecosystem
– including patients, providers and payees. Yet, any level of security that is applied must
be done so without interfering with the ability of users to accomplish their goals or
access the information they need quickly. For example, a reasonable concern that is
voiced by providers is whether security will hinder their ability to access the information
they need in order to administer patient care.
Consumers are also concerned about the privacy and security of healthcare portals. This
apprehension is valid as many portals solely utilize password-only protection, which is
substandard for resources that contain masses of sensitive data given the sophistication
of modern cyber threats. According to RSA’s Global Online Consumer Security Survey:
–– 64% of consumers polled stated they were concerned with their personal information
being accessed or stolen on a healthcare site
–– 59% of consumers polled stated their concerns with their personal information being
stolen makes them less likely to submit personal information to a healthcare site
–– 64% of consumers polled stated that healthcare sites should implement a stronger
form of security to identify users when logging in
–– 95% of consumers polled stated they would be willing to use stronger security if it
was offered at the healthcare site(s) they regularly visit
In order to drive adoption of online portals, healthcare organizations must be able to
assure users that they can access their systems securely and that any personal
information contained within or submitted to the portal will be protected.

Conclusion
Cybercrime is a very mature business. Cybercrime in the healthcare industry, however,
is still in its relative infancy – and only because the exchange of healthcare information
online is in its relative infancy. Recent history provides ample evidence to conclude that the
increase in healthcare data sharing via EHRs, personal health records, insurance portals,
and prescription sites will inspire a commensurate increase in cybercriminal activity
targeted at healthcare organizations.
When phishing started to make a name for itself earlier last decade, it was hard to anticipate
that we would be addressing the sophisticated cyber attacks we see today. But just as most
financial institutions have implemented security measures to protect access to customers’
accounts and personal data, healthcare organizations will be doing the same.
In general, healthcare organizations face increased risks compared to financial services
and retail organizations because the types of information they hold are more valuable to
a cybercriminal (even more valuable than just credit card numbers) and there are more
access points to get to it. And healthcare organizations can’t just replicate what
enterprises and institutions in other industries are doing - they need to adopt,
implement, and utilize security solutions that are designed for their particular needs
based on their risk profile, user environment, regulatory requirements and how sensitive
information is used, shared, and accessed.
Together, consumers, healthcare providers, payers, and the pharmaceutical drug industry
must become aware of the potential cyber risks they face. Cybercrime in healthcare is just
starting to evolve, but could quickly become a devastating industry, economic, and
societal problem. Any solution must start with healthcare organizations themselves
recognizing the potential impacts of cybercrime and taking aggressive steps to protect
the sensitive information they create and exchange with the same commitment they
bring to protecting patients from harm.

About RSA
RSA, The Security Division of EMC, is the premier provider of intelligence-driven
security solutions. RSA helps the world’s leading organizations solve their most
complex and sensitive security challenges: managing organizational risk,
safeguarding mobile access and collaboration, preventing online fraud, and
defending against advanced threats.
Combining agile controls for identity assurance, fraud detection, and data protection,
robust Security Analytics and industry-leading GRC capabilities, and expert consulting
and advisory services, RSA brings visibility and trust to millions of user identities, the
data they create, the transactions they perform, and the IT infrastructure they rely on.
For more information, please visit www.RSA.com and www.EMC.com.

RSA, the RSA logo, EMC², and EMC are registered trademarks or trademarks of EMC Corporation in the United
States and other countries. All other trademarks used herein are the property of their respective owners.
©2013 EMC Corporation. All rights reserved. Published in the USA.

www.emc.com/rsa

H12105 CYBERC WP 0713

Protected Harbor Data Breach Trend Report
 
Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record Theft
 
Systems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docxSystems Thinking on a National Level, Part 2Drew David.docx
Systems Thinking on a National Level, Part 2Drew David.docx
 
Threatsploit Adversary Report January 2019
Threatsploit Adversary Report January  2019Threatsploit Adversary Report January  2019
Threatsploit Adversary Report January 2019
 
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
Cybersecurity Risks of 3rd Party Cloud-Apps in 2022 Whitepaper by Protected H...
 
Safeguarding Legit Medical Data From Pharmaceutical Phishing
Safeguarding Legit Medical Data From Pharmaceutical PhishingSafeguarding Legit Medical Data From Pharmaceutical Phishing
Safeguarding Legit Medical Data From Pharmaceutical Phishing
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
 
Running head Information security threats 1Information secur.docx
Running head Information security threats 1Information secur.docxRunning head Information security threats 1Information secur.docx
Running head Information security threats 1Information secur.docx
 
Fraud And Abuse In The U.S. Healthcare System
Fraud And Abuse In The U.S. Healthcare SystemFraud And Abuse In The U.S. Healthcare System
Fraud And Abuse In The U.S. Healthcare System
 
Reviewing The Legit Identity Theft In The Healthcare Sector
Reviewing The Legit Identity Theft In The Healthcare Sector Reviewing The Legit Identity Theft In The Healthcare Sector
Reviewing The Legit Identity Theft In The Healthcare Sector
 
Data security
Data securityData security
Data security
 
IDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By WrfIDT Red Flags White Paper By Wrf
IDT Red Flags White Paper By Wrf
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
 
Ivanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26thIvanti Threat Thursday for September 26th
Ivanti Threat Thursday for September 26th
 
(Executive Summary)MedStar Health Inc, a leader in the healthc
(Executive Summary)MedStar Health Inc, a leader in the healthc(Executive Summary)MedStar Health Inc, a leader in the healthc
(Executive Summary)MedStar Health Inc, a leader in the healthc
 

Mais de EMC

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDEMC
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote EMC
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOEMC
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremioEMC
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lakeEMC
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereEMC
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History EMC
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewEMC
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeEMC
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic EMC
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityEMC
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015EMC
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesEMC
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsEMC
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookEMC
 

Mais de EMC (20)

INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUDINDUSTRY-LEADING  TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
INDUSTRY-LEADING TECHNOLOGY FOR LONG TERM RETENTION OF BACKUPS IN THE CLOUD
 
Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote Cloud Foundry Summit Berlin Keynote
Cloud Foundry Summit Berlin Keynote
 
EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX EMC GLOBAL DATA PROTECTION INDEX
EMC GLOBAL DATA PROTECTION INDEX
 
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIOTransforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
Transforming Desktop Virtualization with Citrix XenDesktop and EMC XtremIO
 
Citrix ready-webinar-xtremio
Citrix ready-webinar-xtremioCitrix ready-webinar-xtremio
Citrix ready-webinar-xtremio
 
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
EMC FORUM RESEARCH GLOBAL RESULTS - 10,451 RESPONSES ACROSS 33 COUNTRIES
 
EMC with Mirantis Openstack
EMC with Mirantis OpenstackEMC with Mirantis Openstack
EMC with Mirantis Openstack
 
Modern infrastructure for business data lake
Modern infrastructure for business data lakeModern infrastructure for business data lake
Modern infrastructure for business data lake
 
Force Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop ElsewhereForce Cyber Criminals to Shop Elsewhere
Force Cyber Criminals to Shop Elsewhere
 
Pivotal : Moments in Container History
Pivotal : Moments in Container History Pivotal : Moments in Container History
Pivotal : Moments in Container History
 
Data Lake Protection - A Technical Review
Data Lake Protection - A Technical ReviewData Lake Protection - A Technical Review
Data Lake Protection - A Technical Review
 
Mobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or FoeMobile E-commerce: Friend or Foe
Mobile E-commerce: Friend or Foe
 
Virtualization Myths Infographic
Virtualization Myths Infographic Virtualization Myths Infographic
Virtualization Myths Infographic
 
Intelligence-Driven GRC for Security
Intelligence-Driven GRC for SecurityIntelligence-Driven GRC for Security
Intelligence-Driven GRC for Security
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015EMC Technology Day - SRM University 2015
EMC Technology Day - SRM University 2015
 
EMC Academic Summit 2015
EMC Academic Summit 2015EMC Academic Summit 2015
EMC Academic Summit 2015
 
Data Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education ServicesData Science and Big Data Analytics Book from EMC Education Services
Data Science and Big Data Analytics Book from EMC Education Services
 
Using EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere EnvironmentsUsing EMC Symmetrix Storage in VMware vSphere Environments
Using EMC Symmetrix Storage in VMware vSphere Environments
 
Using EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBookUsing EMC VNX storage with VMware vSphereTechBook
Using EMC VNX storage with VMware vSphereTechBook
 

Último

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 

Cybercrime and the Healthcare Industry

  • 1. CYBERCRIME AND THE HEALTHCARE INDUSTRY

Executive Summary

Healthcare professionals are in a tight spot. As administrative technologies like Electronic Health Records (EHRs) and patient and provider portals become standard issue in healthcare organizations, the access to data and information so strongly demanded by patients, providers, payers, and employees is also fast becoming a target of scrutiny and risk.

Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) require healthcare organizations to implement administrative, physical and technical safeguards to ensure the integrity and privacy of patient records and other sensitive medical data. Despite increased protection, healthcare organizations are a target for cybercriminals because of the wealth of personal data they collect that can be monetized.

The question is whether regulations alone will be enough to halt the hard reality of a successful cybercriminal network turning its attentions to the healthcare industry.

These breaches can have dire implications for those whose records were breached. According to Javelin Strategy and Research, the correlation between receiving a data breach notification and being a victim of fraud is one in four – significantly up from one in nine that Javelin identified in 2010.¹

So why is the data that is available in healthcare records so valuable to a cybercriminal?

First, the theft of credit card and account data has a limited lifespan; it is useful only until the victim cancels the card numbers and accounts, whereas the information contained in medical records has much broader utility, can be used to commit multiple types of fraud or identity theft, and does not change, even if compromised.

Second, the value of personal data to a cybercriminal is much higher than a credit card or bank account number. For example, the average selling price for a U.S. credit card in the underground is $1 USD. However when that single card is sold as part of a “fullz,” or full identity profile, the cost increases dramatically to around $500, with health insurance credentials adding an additional $20 each. Health insurance credentials are especially valuable in today’s economy, where skyrocketing healthcare costs are driving some to seek free medical care with these credentials.²

¹ https://www.javelinstrategy.com/blog/2013/04/28 financial-pain-ensues-when-custodians-of-healthfail-to-be-good-stewards-of-privacy/
² http://www.darkreading.com/attacks-breaches/hackers-hawk-stolen-health-insurance-inf/240158396/?nomobile=1
  • 2.

Healthcare and other organizations are at a disadvantage when it comes to addressing the threat of cyber attacks. For one, financial services and retail organizations have been the traditional targets of criminals and as a result have developed more experience and insight mitigating the risk posed by cyber threats.

Healthcare organizations need to quickly learn the hard lessons that financial services and retail organizations have learned over the last few years. When TJX Cos. experienced its massive data breach in which a hacker stole 45.6 million credit card numbers over a two-year period, the company had to set aside a $178 million cash reserve to compensate victims, and as recently as July 2010, settled an investor lawsuit that cost the company more than half a million dollars. Are healthcare organizations willing or able to bear the same costs?

The Rise of Underground Cybercrime Networks

For at least eight years, a vast underground network of cybercriminals has been growing in size and sophistication. Employing ingenious strategies and complex technological capabilities, they have been preying on financial services and retail organizations and their customers to steal account numbers, credit card numbers, personally identifiable information (PII), and other data that they can use to commit fraud or identity theft, or sell to other criminals in a thriving black market.

The once-popular hacker stereotype of a lone, alienated techno-nerd breaking into an organization’s systems for fun has given way to a truly frightening reality of coordinated groups of innovative cybercriminals who collaborate, facilitate and strike aggressively. They rely on a range of advanced cyber-attack methods and social engineering techniques to steal sensitive data and then cash out in the real world, or in the same underground market where demand is well-publicized and fraudsters are well compensated.

While cybercriminals have greatly evolved their methods and grown their networks to attack financial services and retail organizations, working around security measures that have been implemented through the years, no such gradual escalation is required when targeting new industries such as healthcare. The infrastructure exists and the methods are proven – and they are gradually being trained on new targets.

Electronic Healthcare Data Creates New Risks

The emergence of Electronic Health Records (EHR) and healthcare portals for patients and providers has made it easier to access and share medical information. While such access is necessary for improving patient care and safety – not to mention empowering patients and their families to make more informed decisions about care – it also makes it easier for cybercriminals to gain access to healthcare data and other personal information.

EHRs and healthcare portals contain massive amounts of PII, including dates of birth and Social Security numbers, as well as sensitive information about medical diagnoses and treatments whose disclosure violates patients’ privacy. And for those that enable payment of medical bills and other account management services online, there is also the prospect of gaining access to financial data.

³ http://www.idtheftcenter.org/ITRC%20Breach%20Stats%20Report%202013.pdf
  • 3.

“Hello, this is the voicemail of Healthcare Company ABC. If you are calling regarding an email you received indicating something about a complaint against you, please be advised that we did not send you that email. It is a fraud, scamming-type of malicious email and the attachment does contain a Trojan virus. Please do not open the attachment and delete the email from your system immediately.”

This is an actual message that was left on the voice mail of an employee at a large healthcare association that was targeted by cybercriminals. In the attack, potential victims received a phishing email appearing to be from the healthcare company that cited a complaint had been filed against them and directed the user to open the attachment within the email for more details. Once the user clicked on the attachment, a Trojan virus was installed on their computer.

The double use of phishing and malware within the same cyber attack is not new. However, it is a popular method being used by cybercriminals today to propagate malware, and they are using social engineering scams outside of the traditional phishing email that appears to be from a victim’s financial institution. Increasingly, RSA has witnessed brands across industries such as healthcare, government, education and oil and gas being exploited to serve as the face for these types of attacks.

With the pervasiveness of information being made available electronically, healthcare organizations are increasingly attracting cybercriminals. As of June 2013, 45.2% of breaches identified by the Identity Theft Resource Center were in the medical/healthcare industry – in the first half of 2013 over two million records were compromised, representing 31.2% of all breaches. Healthcare was second only to business as far as number of breaches identified.³

Certainly, the number of healthcare breaches is expected to grow. Why? There are numerous reasons. For one, it pays. The World Privacy Forum has reported that the street cost for stolen medical information is $50, versus $1 for a stolen Social Security number. The average payout for a medical identity theft is $20,000, compared to $2,000 for a regular identity theft. Second, it is harder to detect. Medical information fraud takes more than twice as long to identify as compared to regular identity theft⁴. Simply put, victims can close a compromised bank account, but they can’t delete or change their personal information, medical records or history of prescription use.

Healthcare Data for Sale in the Underground

Cybercrime in the healthcare industry is particularly heinous because the cybercriminals target not just consumer data but also information from healthcare providers, insurers, and pharmaceutical manufacturers and distributors. Using phishing, Trojans, and other malware infections, fraudsters target internal systems as well as connections to the systems from outside the healthcare organization.

Once they get in, there are many ways to profit from the stolen information. Those who have no way or knowledge to use the information for their own illicit purposes, sell it. And when they do, they sell the same database to an average of 8 different criminals.

Figure 1 shows an example of the increasing value of healthcare information in the criminal underground. In this case, a cybercriminal is trying to sell data on individual medical claims. The wealth of information shown for sale here is rather alarming – from personally identifiable information to medical history information including illnesses and diagnoses.

Figure 1: A post in the underground seeking buyers for the medical records of over 6,500 patients

⁴ Javelin Strategy Research
  • 4. Those who do have a crime scene in mind, act on it. For example, one of the ways in which cybercriminals are committing healthcare fraud is by filing false patient claims to insurers and government agencies that provide health services. With access to data contained within EHRs, a fraudster can use that information to bill for services that were never rendered. Figure 2 shows a cybercriminal seeking someone with access to information from healthcare or insurance providers and samples of completed medical claim forms to exploit for this purpose.

Figure 2: A cybercriminal seeking data that will enable him to file false medical claims

There is also a growing demand for pharmaceutical data in the underground. Cybercriminals can use this data to order prescriptions at multiple pharmacies and then attempt to resell the medicine online. Criminals can also buy prescriptions with another person’s account and reroute it to be delivered to the wrong place. Physicians’ information is also valuable to cybercriminals because they can use it to write fake prescriptions to facilitate schemes involving the purchase and resale of prescription drugs.

Consumers of healthcare services are also affected in many ways by having their medical records exposed or breached.
Some of the risks they face include:

–– Personal data being used by criminals to open new credit accounts in their name
–– Being wrongly accused of abusing medical services due to criminals filing false medical claims using their information
–– Threatened with blackmail or extortion from criminals threatening to expose sensitive medical or health details (while no cases of blackmail have yet been reported with consumers of healthcare services, cybercriminals who had stolen 8.3 million patient records from the Virginia Prescription Monitoring Program demanded a $10 million ransom – this could certainly happen with the medical information of high-earning individuals)

The Threats and Challenges Healthcare Organizations Face

The harvesting of healthcare data by cybercriminals is both intentional and inadvertent. Intentional incidents are evident by the sheer number of data breaches targeting healthcare organizations as well as the estimated 250,000 to 500,000 medical identity thefts that take place each year.5 Inadvertent losses are a result of the rapid proliferation of Trojans and malware that seek to steal financial data yet unintentionally collect other information such as login credentials to online healthcare portals.

Essentially, the push to share and exchange medical information electronically is opening the door for healthcare organizations to become a target of cybercrime. The same cyber threats that have been used by criminals to attack financial institutions for years – including phishing, Trojans, malware, drive-by downloads, and other schemes – are now being leveraged to target users of healthcare portals.

The types of healthcare data being collected and the ways criminals are attempting to monetize it are still evolving. But that still does not diminish the need for those who operate within the healthcare realm to recognize the impact cybercrime could have on their organization.

5 World Privacy Forum
  • 5. The challenges facing healthcare organizations are many, both in terms of the range of security risks posed by cybercrime and introducing and educating on the threat within a culture that has not traditionally had to accommodate such imperatives. Security risks and issues that need to be addressed within the healthcare industry as they push out more information online include:

–– Securing enrollment to ensure that first-time users to a portal are who they say they are before granting access to various applications
–– Securing access to online portals to prevent the loss of patients’ personal and healthcare information
–– Securing access for physicians to clinical applications that contain patient data
–– Securing access for payees and other third parties to sensitive data required to perform their job
–– Securing the web session both before and after login
–– Educating employees on the risks of phishing and malware

Driving Adoption of Healthcare Portals

Healthcare portals are destined to become more prevalent, especially in light of Meaningful Use requirements around EHR adoption. Stage 2 Meaningful Use Core Measures require eligible healthcare providers to “Provide patients the ability to view online, download and transmit” health information. This objective is one of 16 (for hospitals) or 17 (for eligible professionals) that healthcare providers must meet in order to be eligible for incentives tied to EHR adoption. Providers who cannot demonstrate compliance with these objectives are ineligible for reimbursement.

A primary challenge of implementing stronger security within any online application is usability. One of the major goals of migrating patient services to the online channel is to provide easy and convenient access to data for all users within the healthcare ecosystem – including patients, providers and payees.
Yet, any level of security that is applied must be done so without interfering with the ability of users to accomplish their goals or access the information they need quickly. For example, a reasonable concern that is voiced by providers is whether security will hinder their ability to access the information they need in order to administer patient care.

Consumers are also concerned about the privacy and security of healthcare portals. This apprehension is valid as many portals solely utilize password-only protection, which is substandard for resources that contain masses of sensitive data given the sophistication of modern cyber threats. According to RSA’s Global Online Consumer Security Survey:

–– 64% of consumers polled stated they were concerned with their personal information being accessed or stolen on a healthcare site
–– 59% of consumers polled stated their concerns with their personal information being stolen makes them less likely to submit personal information to a healthcare site
–– 64% of consumers polled stated that healthcare sites should implement a stronger form of security to identify users when logging in
–– 95% of consumers polled stated they would be willing to use stronger security if it was offered at the healthcare site(s) they regularly visit

In order to drive adoption of online portals, healthcare organizations must be able to assure users that they can access their systems securely and that any personal information contained within or submitted to the portal will be protected.
  • 6. Conclusion

Cybercrime is a very mature business. Cybercrime in the healthcare industry, however, is still in its relative infancy – and only because the exchange of healthcare information online is in its relative infancy. Recent history provides ample evidence to conclude that the increase in healthcare data sharing via EHRs, personal health records, insurance portals, and prescription sites will inspire a commensurate increase in cybercriminal activity targeted at healthcare organizations.

When phishing started to make a name for itself earlier last decade, it was hard to anticipate that we would be addressing the sophisticated cyber attacks we see today. But just as most financial institutions have implemented security measures to protect access to customers’ accounts and personal data, healthcare organizations will be doing the same.

In general, healthcare organizations face increased risks compared to financial services and retail organizations because the types of information they hold are more valuable to a cybercriminal (even more valuable than just credit card numbers) and there are more access points to get to it. And healthcare organizations can’t just replicate what enterprises and institutions in other industries are doing - they need to adopt, implement, and utilize security solutions that are designed for their particular needs based on their risk profile, user environment, regulatory requirements and how sensitive information is used, shared, and accessed.

Together, consumers, healthcare providers, payers, and the pharmaceutical drug industry must become aware of the potential cyber risks they face. Cybercrime in healthcare is just starting to evolve, but could quickly become a devastating industry, economic, and societal problem.
Any solution must start with healthcare organizations themselves recognizing the potential impacts of cybercrime and taking aggressive steps to protect the sensitive information they create and exchange with the same commitment they bring to protecting patients from harm.

About RSA

RSA, The Security Division of EMC, is the premier provider of intelligence-driven security solutions. RSA helps the world’s leading organizations solve their most complex and sensitive security challenges: managing organizational risk, safeguarding mobile access and collaboration, preventing online fraud, and defending against advanced threats.

Combining agile controls for identity assurance, fraud detection, and data protection, robust Security Analytics and industry-leading GRC capabilities, and expert consulting and advisory services, RSA brings visibility and trust to millions of user identities, the data they create, the transactions they perform, and the IT infrastructure they rely on. For more information, please visit www.RSA.com and www.EMC.com.

RSA, the RSA logo, EMC2, and EMC are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. ©2013 EMC Corporation. All rights reserved. Published in the USA.

www.emc.com/rsa H12105 CYBERC WP 0713