Is Your Healthcare Organization at Risk of a Cyber Attack on Your PHI?
“Massive amounts of private health information (PHI) are stored in Health Information Exchanges (HIEs) ready for analysis by those in the healthcare industry for the benefit of all,” notes Suni Munshani. “[But] the healthcare industry must find new ways to defend itself and its sensitive data from bad actors also keen to leverage the wealth of private information found in these large repositories and complicated healthcare ecosystems,” he says.
Munshani is the CEO of Protegrity. He warns that the dangers of ransomware attacks on your PHI are increasing:
“Early versions of ransomware requiring human interaction to lock up Windows systems have evolved into innocuously named but devastating threats such as Samsam (or Samas), Locky, and Jigsaw. These newer strains are identified as cryptoworms in recognition of their ability to penetrate and infect networks autonomously. Once hackers have penetrated systems, often via phishing emails, self-perpetuating malware takes advantage of network vulnerabilities to find and appropriate credentials that allow unfettered access to sensitive and PHI data, which is encrypted and held hostage, or in extreme cases deleted, until a ransom is paid.”
Of course, even if you don’t get a ransom note, you may still face a costly foe in the form of HIPAA penalties—and your data may not be as protected as you think. “HIPAA endorses encryption for data protection and many organizations also use tokenization or other de-identification technologies to keep data safe in use and at rest, but these approaches offer no protection against ransomware,” Munshani says.
How can you, as a healthcare provider, protect yourself and your PHI? Find out in our new article, “The Worm That Turned Hostage Taker: Protect Your Data to Protect Your Brand.”