CareFirst Breach of 1.1M Shows Security Opportunity in Healthcare
A breach revealed by healthcare provider CareFirst this week which exposed details of up to 1.1 million customers brought home once again the cybersecurity challenges facing healthcare businesses and, to some degree, the opportunities this could pose for MSPs that can help them address IT security.
A Blue Cross Blue Shield Plan with headquarters in Maryland, CareFirst reported that forensic examiners have said so far that attackers were able to tap into customer names, email addresses and birthdates, though they didn’t get their hooks in to any sensitive financial or medical information. Caremark is just one in a string of high profile healthcare breaches to hit the headlines over the past several months, including big exposures at Anthem and Premera Blue.
“Healthcare entities are the new data gold mines for attackers. The data is lucrative, often unprotected, and useful for medical and identity fraud,” says Mark Bower, global director of product management for HP Security Voltage. “Unfortunately, many healthcare firms do not have modern data-centric protection in place to neutralize breach risks of these kinds of attacks and are thus vulnerable to being plundered from advanced malware.”
Healthcare lags in security
Many IT security professionals believe that health care organizations are far behind their peers in other verticals like finance or even retail when it comes to cybersecurity, and yet the data that they hold may be as valuable or more so than organizations in those industries.
“Both insurance and provider organizations have becoming targets by criminal groups because the data stored on these systems has become more significantly valuable over time as criminal syndicates have found ways to monetize it,” says Ken Westin, senior security analyst for Tripwire. “In general healthcare organizations are not prepared for the level of sophistication associated with the attacks that will be coming at them. It’s no surprise that several organizations have been targeted and compromised.”
How MSPs should talk to Healthcare prospects
Overall, healthcare has stagnated a bit on the IT services buying front. According to Technology Business Research earlier this year, the demand for IT services in healthcare only grew by 1.3 percent in fourth quarter of 2014 compared to 5.4 percent during the same time frame in 2013. For MSPs and MSSPs that can position themselves well, this spate of breaches could be just the conversation topics necessary to help their customers loosen the purse strings for important security projects.
In particular, MSPs should be pushing healthcare clients toward encryption initiatives which can be low-hanging fruit for providers to offer the biggest bang for the IT security buck.
“What this reveals is that encryption in the healthcare industry is no longer a nice to have,” says Trent Trelford, CEO of Covata. “In fact, it is a must for all businesses that hold sensitive or valuable information within their networks.”