01 Dec 7 cyber threats worse than PHI breaches
Healthcare IT security: you have a bad reputation. When it gets down to healthcare there’s always a little chuckle about how bad they are.
This year was among the worst in cybersecurity across the healthcare sector.
On average, companies that got breached did not know it for 270 days and some had even been breached for seven years without knowing it, according to Richard Clarke, the former White House cybersecurity czar who served three presidents.
In his opening keynote at the Healthcare IT News Privacy and Security Forum on Tuesday in Boston, Clarke explained that two-thirds of those entities did not even discover the breach internally; it was pointed out to them, either by someone outside the organization or by the federal government.
As bad as breaches are, however, other, worse threats are emerging that hospital CIOs, CISOs and IT departments should understand and prepare for. Clarke offered seven:
1. Ransomware. Calling this an epidemic, Clarke explained that he frequently receives calls from clients who have been subject to someone essentially seizing their data and demanding money to give it back.
2. DDoS. Distributed denial-of-service attacks, previously thought to be a minor problem, have reemerged with high-profile attacks against American banks, Clarke said. “DDoS is now, again, a threat. It’s something you can send down the wire to an entity and knock it offline.”
3. Wiper attacks. “Think Sony or Saudi Aramco,” Clarke said. Aramco had 30,000 endpoints, for instance, until one morning employees came in to work and found that all the software had been wiped out in a 7-minute attack. At Sony, in the days after the attack, guards couldn’t look up Clarke’s name to check him in because all the devices were wiped blank.