A Quick Review of SANS Healthcare Cyberthreat Report

A QUICK SUMMARY OF: SANS Healthcare Cyberthreat Report Almost 50,000 events were captured between September 2012 and October 2013 Organizations compromised & the percentage of malicious IP traffic emanating from them: 72.0% Health care providers 9.9% Health care business associates 6.1% Health plans .05% Health care clearinghouses 2.9% Pharmaсеutical 8.5% Other related health care entities What is being compromised? Video Conferencing Systems, Digital Video Systems Radiology Imaging Software Web-Based Call Center Website (VoIP PBX) VPN applications and devices, firewalls, routers, enterprise network controllers (ENCS) and more. Compromised networks are vulnerable to: Intellectual property theft Medical billing fraud Payment information theft "Today, Compliance does not equal security." SANS Healthcare Cyberthreat Report What can a compromise cost your organization? Regulatory fines Notification of victims Immediate remediation cost Class-action lawsuits Brand damage Costs for data breaches average $233 per compromised record. This includes the cost for: incident handling, victim notification, credit monitoring, lost opportunities. $ 233 Additional costs likely to be incurred include legal actions, recovery, new security control investments. In the case of the WellPoint incident these costs amounted to $142,689,666 Sources: SANS Health Care Cyberthreat Report Ponemon 2013 Survey on Medical Identity Theft