Shields Health Care Group has suffered a data breach affecting two million patients. Although the organization claims that no information accessed in the breach has been “misused or disseminated,” a breach of this kind carries consequences no matter the outcome, especially in the healthcare field with its vulnerable patients.
Shields Health Care Group’s business relies on a handful of partnerships with hospitals and medical centers, so these consequences could affect over 50 facilities and their patients.
“During this timeframe some data was acquired by the ‘unknown actor’ and although on 18 March Shields had identified and investigated a security alert, at that time data theft was not confirmed.”
Looking at the evolving situation for Digital Journal is Sally Vincent, Senior Threat Research Engineer at LogRhythm.
Vincent starts her assessment with the overall impact upon the patients and clients, noting: “The breach of two million patients’ personal data highlights the importance of ensuring that the proper protections are in place to secure sensitive and invaluable patient information that is stored inside of healthcare organizations’ systems.”
She then moves on to healthcare organisations in general and the reason why they are attractive to malicious actors. Here she finds: “Healthcare organizations continue to have a target on their backs when it comes to data breaches and other malicious cyber activity due to the value of information housed within IT databases and the degree of vulnerability that comes along with humans dependent on these organizations for care.”
Returning to the specific case, Vincent finds: “Although Shields Health Care Group states that they have yet to find evidence that data accessed in the breach has been exposed or misused on illegal channels, ramifications still stand.”
In terms of looking forwards, Vincent assesses: “To ensure that patients of healthcare organizations remain protected, as well as maintain their trust in these organizations they are consistently dependent on to provide care, healthcare organizations must ensure that cybersecurity controls are a constant priority.”
She adds that: “Unfortunately, these organizations will continue to be susceptible to these attacks until they take cybersecurity as seriously as they take the business they are in.”
Vincent’s recommendations include: “Implementing threat detection, password hygiene, and preventative and response controls that have the ability to thwart these hazards will protect patient data while ensuring that routine operations are able to carry out as expected, eliminating IT downtime and the ramifications that come along with it.”
She adds to the mix: “Leveraging robust, automated response capabilities through security monitoring solutions allows organizations complete visibility into IT environments and the ability to identify threats before they take over.”