With all the healthcare industry regulations around data leakage there has been a decent effort put in place to protect individual records, however the healthcare organizations are still struggling to get this under control from both a physical and cyber perspective.
Even though the medical industry is still battling to protect sensitive records they are facing another more persistent problem. These organizations are under attack because the adversary wants to understand the underlying business practices and to obtain important intellectual property. With the aging population and billions of dollars spent on research and development for drugs, these organizations have a good deal of market cap to lose.
The recent FireEye report shows that although Healthcare is not the top malware candidate it is continually targeted by these attacks. Also notice that the energy sector which has been heavily targeted in the past few years is tracking less than the healthcare industry.
http://www2.fireeye.com/WEB2012ATR2H_advanced-threat-report-2h2012.html
To understand the extent of the threat another posting was released on March 14 titled “Medical Industry Under Attack by Chinese Hackers”. Here is one of the key quotes from this article.
“Healthcare is listed as one of China’s priorities in its 15-year science and technology development strategy for 2006 to 2020“
“Many of these victims have technology or drugs that are a monopoly. If you are the first to market with some great new technology breakthrough or drug, and you get a profit from that research … it would definitely be an issue for the Chinese to target some of these“
As recent as March 20th an article in The Daily Briefing was posted stating:
“Rich Barger—chief intelligence officer for CyberSquared, a data security company—said his firm can confirm that at least three Chinese advanced persistent threat groups, or APT groups, have targeted medical organizations.”
http://www.advisory.com/Daily-Briefing/2013/03/20/Hackers-target-medical-organizations
As you can see the industry is definitely under attack and many healthcare organizations are more than likely compromised. The unfortunate problem is that these companies are spending all their security money to focus on the leakage of personal and medical records, but they are still implementing the wrong controls to protect against a threat that impacts their entire business model.
If the healthcare industry does not shift its current security strategy and prioritize its spending on the right prevention controls then their data and business models will be complexly assimilated in the next decade.
InfoSecAlways.com 