The second largest health data breach to happen in recent history, the Women’s Health Care Group of PA released a statement on July 18th about the ransomware corrupting their server. Thankfully, operations were not disrupted from the infection thanks to files on a backup server. The Women’s Health Care Group of PA is a OB/GYN clinic that serves many patients from the region around Oaks, Pennsylvania. The breach impacted around 300,000 individuals according to the HIPAA Breach Reporting Tool website.

The Attack & Impact

In the press release the Women’s Health Care Group of PA noted that in their investigation they had noticed that external actors had gained access to their systems in January 2017 via a security vulnerability. The hackers installed malware on the server they had access to, although exactly what kind was not specified. The clinic was only able to verify that some files on the server were encrypted but not if any had been viewed of sent back to the cyber criminal. They claim that the information accessible to the hackers were limited patient information, but then list out the data points that could have been stolen. These include a patient’s: name, address, birth date, social security number, lab results, phone number, pregnancy status, blood type, race, employer, insurance company, all diagnosis, and their physician. The clinic also claimed that the encrypted files were promptly restored and that operations had resumed as normal.

As stated above the breach impacted an estimated 300,000 individuals. Whose patient data was potentially stolen. The clinic has offered to cover credit monitoring services for one year for those affected. They claim that drivers licenses and financial information was not revealed. However the data that was potentially stolen collectively makes a profile of a person. Such a medical profile would be attractive data to sell on Darknet markets.

Trafficking Data: Medical Records

The information stolen from healthcare facilities is worth a lot of money, one medical record can sell for about $1,000 on the Darknet. That means that the hackers here may be setup to make about $300 million if they can sell all the records. Why do medical records sale so high, it is mainly because they contain data found nowhere else, such as your insurance info or your entire medical history. There are many buyers who are willing to pay for such information including insurance brokers, lawyers, and even shady employers. The leak of a medical record can have disastrous implications on someone’s life going forward. In the wrong hands these records can prevent job opportunities, lose lawsuits, increase insurance rates, and even make them victims of fraud or identity theft.

State of Healthcare Security

Many organizations in the healthcare sector are still playing catch up with the rest of the private sector, when it comes to IT at least. This is because for most of their history most of the work was done on pen and paper, until the Affordable Care Act, also known as Obamacare, was passed. The Affordable Care Act mandated that healthcare providers must maintain electronic records. The act only passed in 2010 and many healthcare providers have not been able to maintain security standards.

There is a uniqueness in the healthcare sector as Steven Smith, CIO at Northshore University HealthSystem highlights:

“Security in healthcare has some unique challenges because we have to share data in ​ order to save lives while also protecting patient information. If you think of a bank, your financial information is locked up and not shared. But we need to share our data with our doctors, nurses and outside payers, as well as with the patients themselves.”

Prevent a Breach

If you are a healthcare organization, you may not want to end up like the thousands of other healthcare providers who have been compromised. Understand what is at stake not just for you but for your patients as well. One of the proven methods to preventing breaches or identifying them in real time is behavioral analytics. With behavioral analytics you are able to establish a baseline or normal behavior and then detect when there is abnormal incidents and investigate them. In addition to this make sure all of your software is up to date. Out of date systems and software is what caused this recent breach, you do not want this happening to you.

Teramind’s behavioral analytic solution is not just a simple log analysis, but is built with the latest in machine learning technology. Which means that the software will learn as events happen without you having to manually train it each time. Protect your organization and the lives of your patients as well.