Cyber Medical Breach

Another Cyber Attack against Medical Institutes, has my information been sold to criminals?

Hackers break into two firms hosting medical care databases with 425,000 records and 200,000 payment details![1]

Another medical breach last month with hackers making off with hundreds of thousands of banking details.  This happened over eight months before it was discovered!  There is a considerable backlash, and the US Senate wants answers, asking if any security audit was conducted?

Another hospital in the UK this month had to cancel all its surgery and appointments while the IT team tried to resolve the issues.[2]

We put so much trust into 3rd party vendors looking after our private information and assume sufficient Cybersecurity controls are in place.  It is imperative that companies understand the risks involved in trusting vendors with your data, especially if the vendor does not have a good Cyber Hygiene regime in place.

How can an organisation reduce the Risk of a breach?

Proper processes and procedures are needed for times of operational stress and these needed to be practised and tested. Critical information assets[3] need to be identified and protected so that companies can continue to function if they come under a cyber attack.

Both IT and general staff must have Cyber awareness training, and this should be delivered from an organisation that brings real-world context to the scenarios.  This approach has been proven to be the most cost-effective way to reduce risk; as reported in the media from several sources in Australia, including some Government agencies.

Follow these steps and be part of the Cyber Security compliance solution.

Step 1

Train your staff

Step 2 – 8

You will find out by doing step 1.

[1] https://www.theregister.co.uk/2019/06/06/congress_amca_leak_quest_labcorp/

[2] https://www.theregister.co.uk/2019/07/03/cisco_network_outage_hospital_appointments_and_surgery_to_be_cancelled/

[3] Assets that are critical to the organisation that if they were destroyed, made unavailable, disclosed or modified then the organisation would not be able to continue to operate.

Leave Comment

Your email address will not be published. Required fields are marked *