By Charles Leaver

In healthcare, malware a constant threat

Big businesses are not the only victims of malware. In an age when almost every enterprise conducts most – if not all – of its vital operations in the cybersphere, all organizations are susceptible to attack. Two healthcare providers learned this the hard way when they separately were targeted by massive attacks. A look at the two malicious incursions suggests that all enterprises – not just retailers – should look into implementing the most stringent endpoint data protection solutions possible.

A malicious incursion goes unobserved for more than two years
Kaiser Permanente in Northern California is a leading healthcare provider that also oversees cutting-edge research projects. Since patient care constitutes the central part of its business, Kaiser keeps information on thousands of patients in its databases. Unfortunately, that patient information became compromised recently, according to HealthData Management.

More shocking than the breach itself – which led to the exposure of information for more than 5,000 patients – is the fact that the malware was inhabiting the server, unobserved, since October 2011, rendering the server vulnerable for more than two years.

“The malicious software broke down the server’s security barriers so we are investigating and responding with a very high level of caution and concern,” the letter to patients stated. “We are very sorry that this happened.”

The revelation that a strain of malware could burst through an enterprise’s security wall shouldn’t be surprising. This past year has seen a flurry of similar incidents, and they show no signs of slowing down. The number and force of the attacks is due in large part to the growing sophistication of the cybercriminal network. To combat such crimes, organizations must look into more advanced data leak prevention options.

Meanwhile in Michigan, a separate breach affects thousands
Kaiser Permanente was not the only healthcare operation to suffer a breach recently. In Michigan, the state’s Department of Community Health made an April 3 announcement that in late January a laptop and a flash drive were stolen from an official’s office. While the laptop was encrypted, the flash drive was not. Unfortunately for the MDCH, that flash drive contained information on more than 2,500 patients, including Social Security numbers or Medicaid ID numbers for 1,539 of those individuals.

“MDCH takes any potential breach of security with the utmost seriousness and sincerely regrets that this breach occurred,” said Chief Deputy Director Nick Lyon. “We are working swiftly to notify any individuals who may have been impacted and with staff to tighten our security procedures going forward.”

Better endpoint management can secure healthcare information databases
Few pieces of information are more private for an individual than health records, and any breach of that data can understandably lead to concerns among patients. For Kaiser and the MDHC, breaches like these lead not only to a cumbersome recovery process, but also a loss of patient trust. That, too, must be recovered. In order to do that, all healthcare providers need robust endpoint security and control features in place to protect privileged information.

Get the Blog Here