Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Hackers targeted two French healthcare providers and generated the largest data breach in French history.
The French Data Protection Agency (CNIL) said both Viamedis and Almerys data breaches exposed the data of 33 million people.
The two medical insurance companies announced at the beginning of February 2024 that they were victims of cybercrime.
Hackers used phishing to gain initial access to Viamedis’ system. In Almerys’ case, the company said the threat actors did not infiltrate their network, but a portal that health professionals use.
Viamedis announced on February 12th that they were planning to reopen their platform progressively. At the moment the connection to their website is marked as unsecure because it doesn’t support HTTPS.
Why do hackers target healthcare providers?
During the past 2 years, security specialists have seen a surge in cybersecurity attacks targeting healthcare providers worldwide.
According to the HIPAA Journal, a news provider for Health Insurance Portability and Accountability Act (HIPAA) compliance, the number of healthcare data breaches increased every year, since at least 2021.
They think healthcare providers attract hackers due to their massive and detailed amounts of patient data.
HIPAA Journal also says that:
the theft of medical records is harder to detect than other types of personal data – meaning medical records can be misused for longer than other types of personal data to commit identity theft, obtain medical services fraudulently, and other nefarious purposes.
Source – HIPAA Journal
Are healthcare organizations easier to hack?
Healthcare organizations use large and complex infrastructures that are hard to manage and secure. This eases the threat actors’ job. Additionally, public service healthcare providers are notoriously running on a short budget.
Here are some reasons why threat actors may find healthcare organizations an easier prey:
- Use of End-of-Life (EoL) devices and software, due to low budgets. Using software that can’t be patched anymore means hackers are free to exploit old vulnerabilities.
- Increased number of devices that connect to a hospital’s network. Patients, visitors, employees, IoTs and all sorts of medical devices connect to the network. This results in lack of visibility and control.
- The ever-crowded working environment leads to human errors, like clicking on a phishing link.
- Critical infrastructure often remains unpatched or is not updated to safe versions. One reason is that in some cases patching such devices would mean rebooting. This is not always possible, in the absence of redundancy. Not having a backup to cover for patching downtime means critical devices are never updated.
Find out how to better protect healthcare organizations from cyberattacks here.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
