Data breaches in the healthcare sector are also getting larger – with five of the eight largest health data breaches reported since 2010 (those with more than 1 million records compromised) occurring in the first six months of 2015, IBM’s report said.

Why cybercriminals attack healthcare more than any other industry – Naked Security

While the average cost of a data breach across all industries was $3.8 million in 2014 – up 23% from 2013 – the the cost per record in the healthcare sector was $363 per record breached, more than twice the overall average of $154 per record.

Why cybercriminals attack healthcare more than any other industry – Naked Security

In February, the Hollywood Presbyterian Medical Center in California was hit by ransomware, which forced the hospital to shut down all of its computers and depended on fax machines and paper records for a week.

Rather than lose all its patient medical records, the hospital decided to bite the bullet and paid the ransomware crooks 40 bitcoins, or about $17,000, to restore the hijacked files.

Although ransomware cybercrooks tend only to be interested in data for the ransom value, healthcare data is becoming more lucrative for cyberthieves who sell the data on the black market.

As IBM explained, health records contain a wealth of information that can be used for medical identity theft and fraud:

[Health records] typically contain credit card data, email addresses, social security numbers, employment information and medical history records – much of which will remain valid for years, if not decades. Cyberthieves are using that data to launch spear-phishing attacks, commit fraud and steal medical identities.

The healthcare sector is also an appealing target for cybercriminals because the industry’s approach to cybersecurity is behind the times.

Earlier this year, Sophos conducted a survey of IT decision makers across multiple industries in six countries, finding an alarming laxity in many organizations’ approach to data security.

Our survey found that the healthcare sector had one of the lowest rates of data encryption, with only 31% of healthcare organizations reporting extensive use of encryption, while 20% said they don’t use encryption at all.

Other studies have shown that the healthcare industry lacks a culture of security.

A Sophos survey of National Health Service (NHS) organizations in the UK found that encryption was “well established” in just 10% of them; while a 2016 study of hospital cybersecurity found that patient health records are “extremely vulnerable” because of a lack of focus on cyberattacks and insufficient training.

Beyond data breaches perpetrated by hackers, health data is frequently exposed through accidental loss, device theft and employee negligence.

And it’s not just hospitals, doctors’ offices, and insurance companies that are failing to protect healthcare data – private employers frequently leave their employees’ private healthcare information unencrypted.

Click here to read the original article.

Vein-Scan Biometric Technology

dkorolyk — Fri, 01 May 2015 15:02:11 +0000

Imprivata’s recent acquisition of HT Systems provides them with Vein-Scan Biometric Technology. The healthcare IT security company, is going full-force into the patient identification market with its announcement today of its purchase of HT Systems, a provider of vein-scan biometric technology.

Executives at Imprivata and HT Systems gave Fortune an exclusive preview of the deal this week, and said they would provide more details at Imprivata’s quarterly earnings call May 4.

Imprivata IMPR -0.20% will pay about $19.1 million in cash plus additional payments for meeting retention and performance standards, which could value the deal at as much as $26 million.

The deal gives the Massachusetts-based Imprivata the technology it needs to develop a patient-facing security segment by expanding the reach of HT Systems’ PatientSecure platform. The biometrics system connects patients to their electronic medical records when they first show up at a hospital or clinic, and then accurately identifies them when they return, helping to prevent expensive insurance fraud and to avoid medical errors related to mismatched records.

Imprivata, which had $97 million in revenues last year, currently sells one-sign secure access solutions and medical messaging platforms for doctors. With the HT Systems purchase, Imprivata will have a new tool for interacting directly with patients.

“The next step in the digital health story is patient engagement, and we can’t engage without great identification systems,” said Omar Hussain, president and CEO of Imprivata. “If medical records go to the wrong place there’s a problem.”

HT Systems’ PatientSecure uses infrared lights to scan a patient’s palm to distinguish his unique vein pattern, which is then linked to the correct medical file. This type of technology is used around the world within a range of industries, in the U.S. as well as in places like Brazil and Japan.

The technology was originally developed by Japanese company Fujitsu and was initially rolled out by the Bank of Tokyo-Mitsubishi via its ATMs almost a decade ago. It served as an accurate and minimally intrusive form of two-step authentication, which helps prevent fraud by adding another layer of security. HT Systems has the exclusive rights to the technology within the U.S.

“When we started the journey down positive patient identification route, our biggest competitor was the status quo,” said David Wiener, CEO of HT Systems, who will join Imprivata as part of the deal. “No one else was doing it at the time.” Today, other larger biometrics companies compete in the space, including the likes of Gemalto and M2SY.

The patient identification market, driven by the rise of electronic medical records, is estimated to be worth about $2 billion globally, according to Imprivata. The company is going after a slice of that market with HT System’s technology; it plans to use its own wider-reaching sales force to grow the reach of the PatientSecure system beyond the 65 health systems it serves today.

Imprivata still has a challenge ahead of it. The No. 1 concern is patient adoption: No matter how good the technology, if a patient sees it as weird or intrusive they won’t use it, said Wiener.

Biometrics security expert Heidi Shey of Forrester Research echoed those concerns, which are true for the whole biometrics business regardless of industry. While people are getting more familiar with biometrics (see the fingerprint scan on the iPhone), there’s still a need for consumer education and ensuring these products work seamlessly.

“It’s one of those things where you only have one shot to get the consumers to buy into this, and if it doesn’t work as expected or there’s any difficulty, then it’s something they’re unlikely to use,” said Shey. “It has to be easy, and it has to be reliable.”

Read the original article here

The post Vein-Scan Biometric Technology appeared first on Healthcare IT Systems.

Security Archives - Healthcare IT Systems

Why Cyber criminals Attack Healthcare – IBM

Why Cyber criminals attack healthcare more than any other industry

Vein-Scan Biometric Technology