Heimdal

Hackers targeted two French healthcare providers and caused the largest data breach in French history.

The French Data Protection Agency (CNIL) said both Viamedis and Almerys data breaches exposed the data of 33 million people.

The two medical insurance companies announced at the beginning of February 2024 that they were victims of cybercrime.

Hackers used phishing to gain initial access to Viamedis’ system. In Almerys’ case, the company said the threat actors did not infiltrate its network, but rather a portal that health professionals use.

Viamedis announced on February 12th that they were planning to reopen their platform progressively. At the moment, the connection to their website is marked as not secure because it doesn’t support HTTPS.

Why do hackers target healthcare providers?

During the past 2 years, security specialists have seen a surge in cybersecurity attacks targeting healthcare providers worldwide.

According to the HIPAA Journal, a news provider for Health Insurance Portability and Accountability Act (HIPAA) compliance, the number of healthcare data breaches has increased every year since at least 2021.

The journal attributes this to the massive amounts of detailed patient data that healthcare providers hold, which attract hackers.

HIPAA Journal also says that:

the theft of medical records is harder to detect than other types of personal data – meaning medical records can be misused for longer than other types of personal data to commit identity theft, obtain medical services fraudulently, and other nefarious purposes.

Source: HIPAA Journal

Are healthcare organizations easier to hack?

Healthcare organizations use large and complex infrastructures that are hard to manage and secure. This eases the threat actors’ job. Additionally, public service healthcare providers notoriously run on tight budgets.

Here are some reasons why threat actors may find healthcare organizations easier prey:

  • Use of End-of-Life (EoL) devices and software, due to low budgets. Using software that can’t be patched anymore means hackers are free to exploit old vulnerabilities.
  • Increased number of devices that connect to a hospital’s network. Patients, visitors, employees, IoT devices and all sorts of medical devices connect to the network. This results in a lack of visibility and control.
  • The ever-crowded working environment leads to human errors, like clicking on a phishing link.
  • Critical infrastructure often remains unpatched or is not updated to safe versions. One reason is that in some cases patching such devices would mean rebooting, which is not always possible in the absence of redundancy. Not having a backup to cover for patching downtime means critical devices are never updated.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
