violations. Such violations should have consequences that are appropriate to the action, ranging from an automated response alerting the user to the violation to a phone call from a manager.
This type of layered defense is more important than ever because of the changing nature of cyber threats. While many Internet criminals currently target consumers, Intel believes businesses will increasingly
become targets because they have lots of valuable data.
Additionally, the attacks are targeting more than just PCs; anything with a computer chip and software that holds potentially valuable data is a target.“If you’re using a smart phone, they’re going to attack
that if there’s anything of value for them, whether it be the use of your system without your permission or the data that’s on it,” Sparks says.“Is it personal data or competitive advantage information, and what measures will protect it?”
n By Ellen Messmer, 02/27/08
Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there’s now the prospect of a surprise audit from the federal government agency in charge of overseeing the Health Insurance Portability and Accountability Act security and privacy rules.
Healthcare organizations are stepping up efforts to protect electronic patient information as they witness increased attacks against hospital networks, mindful how a data breach could hurt patients and their own reputations.
“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area.“Privacy is the foun-
the 300 doctors in the Beth Israel Deaconess Physicians Organization, acknowledges computers in healthcare are sometimes compromised as spam relays or to host unauthorized content such as porn.
“It gives attackers a means to distribute it,” says Halamka.
While he has seen no evidence
of attackers targeting healthcare
networks to steal
patient data for
financial gain, other
security experts say
that dangerous trend
is well underway.
“Healthcare
organizations store
a lot of valuable
personal, identifiable
information such
as Social Security
numbers, names, addresses,
age, in addition to banking and
dation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the
Framingham, Mass-based retailer which in 2007 disclosed a massive data breach involving customer records.
Dr. Halamka, who John Halamka has announced a project in electronic health records as an online service to
credit-card information,” says Don Jackson, researcher at Atlanta-based security services firm Secure Works.
Secure Works has recorded an 85% increase in the number of attempted attacks directed toward its healthcare clientele by Internet hackers, with these attempts jumping from 11,146 per healthcare client per day in the first half of 2007 to an average of 20,630 per day in the last half of last year through January 2008.
Secure Works believes that some of the most sought-after information is from patients who are members of preferred medical network plans, which hackers turn around and sell as credentials to criminals specializing in illegal immigration.
“Credentials information is
usually stolen via targeted cyber
Sponsored by HP ProCurve Networking
ProCurve.com/Choice
References:
Archives