2015 was an especially devastating year for healthcare in terms of data breaches. The Anthem breach exposed a staggering 78.8 million health records, and another 10 million were exposed in the breach at Excellus BlueCross BlueShield. In addition, the Ponemon Institute’s 2015 studyon data breaches reported that 91 percent of healthcare organizations had one data breach and 34 percent of the healthcare organizations experienced two to five breaches.
Attackers who target health records are motivated primarily by money. Health records are worth at least 5 times the value of credit cards on the black marketmost credit cards can be cancelled and replaced easily, but replacing health records is much more difficult due to the lack of advanced detection and controls against fraud. Health records offer detailed and specific information on individuals including personal identifiable information, financial information and health information, and attackers can use this data in a number of ways, including to profit via submitting false insurance claims. profit is to submit false insurance claims.
Medical devices will be increasingly targeted in the coming years since they are easier to attack and not as closely managed compared to other hospital IT Managed PCs. What’s more, many vendor-provided medical devices are connected to unpatchable PCs… well, “unpatchable” according to some vendors who say that FDA approval is required before patching or installing antivirus (which is not true). (The FDA actually encourages patching and use of endpoint protection on medical devices. Formal FDA approval is typically not required.)
Consider this: all of the major healthcare breaches we hear about – and most we don’t — involve attacks on endpoints. Therefore, healthcare organizations require a new approach to protect endpoints from advanced cyber campaigns that leverage zero-day exploits and unknown malware.
As part of Palo Alto Networks Next-Generation Security Platform, Traps is an advanced endpoint solution that prevents successful execution of advanced attacks originating from executables, data files or network-based exploits, known and unknown, regardless of whether patches have been applied.
With Traps deployed, security teams at healthcare organizations can protect patient care and their data, and solve tough problems like mitigating the risk of unpatchable systems and protecting workstation instances within VDI environments.
To learn more, visit the Fuel User Group and select ‘Protecting Your Patients and Their Privacy with Traps’ to watch a recorded webcast that delves deeper into these challenges and demonstrates how Traps solves these difficult problems.
[Palo Alto Networks Blog]