BreachExchange mailing list archives

Health IT security lags behind retail industry

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 28 May 2014 19:24:45 -0600

http://www.fiercehealthit.com/story/health-it-security-lags-behind-retail-industry/2014-05-28

The massive data breaches at Target and eBay could be a taste of what's in
store for the healthcare industry, according to a report from security
rating firm BitSight Technology.

The report "Will Healthcare Be the Next Retail?" looked at security across
four sectors--finance, utilities, retail and healthcare and
pharmaceuticals--based on data such as communication with a botnet, malware
distribution or spam propagation.

Healthcare experienced the largest growth in security incidents during the
study period--April 1, 2013, through March 31, 2014--but also the slowest
response. Its response time was more than five days, while finance took
about three-and-a-half days and retail and utilities each about four days.

Medical records sell for about $20 on the black market, according to the
article, while credit card data brings about $1.

Finance had the best record in this analysis, which points out that it
spends more on cybersecurity, tends to implement protections beyond those
required by government and shares information on emerging threats.

Healthcare, however, is dinged for its poor compensation for security pros,
based on a Ponemon Institute salary report, and for spending only enough to
comply with HIPAA and other privacy regulations.

"Unlike the financial institutions and electric utilities ... the
healthcare and pharmaceutical companies do not view cybersecurity as a
strategic business issue," the report states. "They do not spend enough
resources to protect their data, in part because cybersecurity has not
received the executive-level attention it deserves."

The report echoes a SANS Institute finding that compliance does not equal
security. That report found that networks and Internet-connected devices of
healthcare organizations are being compromised at an "alarming" frequency.

Meanwhile, the U.S. Department of Health & Human Services has been slapping
on ever-heftier fines, such as the $3.3 million penalty levied against New
York-Presbyterian Hospital for a compromised server--the largest HIPAA
settlement to date.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
