Healthcare Breaches Affected 11.5 Million People in 2018

Infosecurity Magazine | February 26, 2019

The total number of records exposed in the healthcare sector rose to 11.5 million in 2018, according to the fifth annual Healthcare Breach Report, published by Bitglass. The number of breaches reached a three-year low at 290 breaches total; however, the number of exposed records nearly doubled from 2017. Also notable in the report: nearly half (46%) of the 11.5 million individuals affected by healthcare breaches in 2018 were affected as a result of hacking and IT incidents.

An analysis of data acquired from a US Department of Health and Human Services (HHS) database that holds information on breaches involving protected health information (PHI) revealed that breaches in the healthcare industry fell into one of four categories. In addition to those breaches related to malicious hackers and improper IT security, 36% of healthcare data breaches were categorized as caused by unauthorized access or disclosure of protected health information. A smaller number were the result of theft of endpoint devices. According to the report, the number of breaches caused by lost and stolen devices has fallen by nearly 70% since 2014. The final category encompassed miscellaneous breaches and leaks related to items such as improper disposal of data.

Spotlight

In mid-2017, the industry was shaken by a major cyber-attack against Maersk, the world’s largest container shipping company, which led the sector to adopt a new look at cyber security issues. 2018 validated this trend as cyber incidents continued affecting operators, ports, and shipbuilders. Ransomware infections are often instigated through phishing emails, which makes employees' awareness and preparedness vital.

Related News

DATA SECURITY

ActZero to Partner with Zeguro to Give Holistic Cyber Risk Management and Response for all Businesses

ActZero | June 10, 2021

ActZero, a cybersecurity startup, has decided to partner with Zeguro, a cyber-insurance provider, to create a complete cyber risk management solution for mid-size and small-size businesses. As ransomware is becoming the norm and bad actors target less-well-resourced SMBs, businesses seek far better solutions for security and insurance. To keep premiums low and businesses secure, cyber insurance providers have long advocated for clients to leverage response and detection capabilities that reduce the risks of cyber threats in operations. This relationship will enable multiple organizations to learn about risk management strategies across both paths.

The intelligent managed detection and response (MDR) service of ActZero provides 24/7 protection, response, and monitoring support. In earlier times, advanced cybersecurity technologies were accessible only to corporates, as they were considered a luxury. SMBs can effectively prevent intrusions and manage threats with ActZero. The platform's innovation in machine learning and artificial intelligence, combined with its threat-hunting expertise, will assist SMBs in doing so. ActZero has capabilities that enable its clients to elucidate and toughen their security, strengthen their defense competencies, and significantly decrease risk over time.

The mission of Zeguro is to simplify cyber insurance through effortlessly achievable and comprehensible cyber quotes that can be obtained in a few minutes. Customers of ActZero can benefit from its relationship with Zeguro to inexpensively obtain coverage for loss of revenue from payment fraud, breaches, regulatory fines, ransomware, and more.

About ActZero

ActZero enables companies to become secure utilizing fewer internal resources. They combine threat hunting expertise with emerging AI and ML technology to identify more vulnerabilities more quickly, proactively recommend and prioritize actions to seal gaps, rapidly contain and remediate threats and ultimately harden their customers' cybersecurity posture. They illuminate a different path forward for IT and security professionals that doesn't involve building one's own SOC.

About Zeguro

Zeguro provides holistic risk management to organizations of all sizes through its integrated cybersecurity and cyber insurance solutions. These solutions include insurance premiums tailored to the sector, size, and profile of a company and a suite of Cyber Safety tools for risk mitigation and compliance.


DATA SECURITY

Smithers Announces the Launch of Information Security Services

Smithers | May 25, 2021

Smithers, a leading provider of testing, consulting, information, and compliance services, is pleased to announce the launch of its information security services department. This agency will provide auditing and certification services for NIST SP 800-171 and the Cybersecurity Maturity Model Certification (CMMC), as well as other customized information security offerings.

Smithers Quality Assessments Division offers 25+ years of high-touch, value-added third-party auditing expertise to the CMMC program, including trained, professional auditors to perform CMMC assessments for organizations that are current suppliers to the United States (US) Department of Defense, as well as those looking to meet the requirements of being a supplier. Smithers' information security service offering ensures the security of clients' sensitive data by delivering reliable assessments on time and with a high level of touch.

"Information security threats continue to intensify as a significant concern to organizations of all sizes," says Jeanette Preston, President of Smithers Quality Assessments Division. "As a matter of business continuity, many companies would be required to ensure sensitive data security as a requirement to do business with defense, governmental agencies, and highly regulated industries."

The information security services department will be launched and led by Aaron Troschinetz, General Manager for Smithers Quality Assessments Division in North America. "During audits, we see that clients have a genuine need for these facilities," Troschinetz says. "Companies do not need multiple vendors because we provide information security in addition to our existing auditing and certification services. Smithers is now capable of serving as their full-service trusted partner."

About Smithers

Smithers is a multinational provider of testing, consulting, information, and compliance services that was founded in 1925 and is headquartered in Akron, Ohio. Smithers serves customers in the transportation, life science, packaging, fabrics, parts, consumer, and energy sectors through laboratories and operations in North America, Europe, and Asia. Smithers integrates science, technology, and business expertise to provide accurate data on time and with a high touch, allowing consumers to innovate with confidence.


ENTERPRISE SECURITY

SecurityScorecard Partners with Tenable to Deliver Complete Cyber Risk Monitoring

SecurityScorecard | August 23, 2021

SecurityScorecard, the global leader in security ratings, today announces a partnership with Tenable, the Cyber Exposure company, to deliver a comprehensive view into an organization's risk posture by marrying Tenable's unmatched visibility and depth of analytics into enterprise environments with external cyber monitoring powered by SecurityScorecard. As a result of this partnership, CISOs, IT leaders and security teams are able to review their SecurityScorecard rating, assess their external cybersecurity health, and understand their risk posture directly within the Tenable Lumin dashboard.

"Understanding your up-to-date risk posture has become a necessity in a world that's increasingly more complex, dynamic and transient," said Ray Komar, vice president of technical alliances, Tenable. "We're excited to partner with SecurityScorecard to give customers complete visibility into the risks that exist inside and outside their environment, and guidance for how to most effectively reduce that risk, all in a single platform."

Point-in-time or periodic cybersecurity testing procedures have become antiquated. Today's cyber risks change by the minute and companies need a solution that keeps pace with the dynamic nature of cybersecurity by continuously monitoring for exposures and measuring the security posture and cyber resilience across the organization.

"Organizations must be proactive to address cyber breaches, and security ratings are the foundation to measuring and understanding security resilience in real time," says Aleksandr Yampolskiy, CEO and co-founder of SecurityScorecard. "Together, SecurityScorecard and Tenable are advancing a new standard for continuous monitoring by blending external and internal risk assessments, which provide organizations with a holistic view into the risks that exist in their environments."

The integration pairs Tenable Lumin's advanced analytics capabilities for assessing risk alongside real-time visibility of external vulnerabilities from SecurityScorecard. This arms Tenable Lumin customers with the intelligence to develop external risk management and threat detection playbooks through real-time updates, allowing organizations to effectively identify and respond to threats and risks.

SecurityScorecard continuously monitors millions of entities globally, and uses non-intrusive proprietary methods to assess their security posture across ten risk categories to instantly deliver an easy-to-understand "A" through "F" rating, including DNS health, IP reputation, web application security, network security, leaked information, hacker chatter, endpoint security, and patching cadence. On a daily basis, these ratings are updated based on objective, publicly-available data that, similar to credit ratings, provides an "outside-in" view of an entity's security posture.

About SecurityScorecard

Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital and others, SecurityScorecard is the global leader in cybersecurity ratings with tens of millions of companies continuously rated. Founded in 2013 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard's patented rating technology is used by over 18,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating.
