Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Health records are the new credit cards

Maria Korolov | March 20, 2015
Forget credit card numbers. The hot new data for the modern bad guy is the electronic health record, which is not only worth more on the black market, but is easier to get.

A second authentication step can make a huge difference.

Like banks that send a text message to confirm unusual transactions, companies can also use out-of-band authentication.

Those extra five or ten seconds, while only slightly inconvenient, could have saved Premera, Anthem, and Target, said John Zurawski, vice president at Chicago-based Authentify Inc.

"The Anthem breach was discovered when a user happened to notice activity against their own account," he said. "If that user had been required to re-authenticate via a separate channel, via their mobile phone for instance, the Anthem breach would have been discovered sooner. I suspect the same is true of Premera."

The Anthem and Premera attacks could be just the beginning, experts say.

"We be open to the possibility that a single incident is just one small part of a larger campaign," said Rich Barger, chief intelligence officer and director of threat intelligence at Arlington, VA-based ThreatConnect, Inc.

According to ThreatConnect's analysis, the Premera hack was being staged since late December 2013.

"Other insurance companies should be looking to Threat Intelligence Platform technology," Barger added.

Threat Intelligence Platforms allow for greatly improved information sharing, aggregation of threat streams and intelligent analysis, and help companies detect sophisticated attacks early enough to shut them down before they do any damage.

"Multiple health insurers have recently detected breaches with similar tactics and timelines, indicating seriously elevated risk levels to health insurers and the healthcare sector generally," confirmed Adam Meyer, chief security strategist at Sterling, VA-based SurfWatch Labs Inc. "I expect the healthcare industry to see increased attacks."

And the damage won't be limited to just the health care sector, he added.

"It increases risk across all industries as employees with plans provided by the impacted insurers are consistently targets of secondary attacks and victims of fraud," he said. "All organizations should review their healthcare industry exposure and assess the impact as a supply chain risk that has a direct impact to the workforce."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.