Health Care Firms Increasingly Feeling 'the Love' as Targets of Attack
Recent inside job by health care employee and increase in attempted hacks shine light on risks to patient data
More proof that patient data is falling victim to insider threats and hacks: A national hospital chain says a former employee recently convicted of identity theft had access to the personal information of some 37,000 of its patients nationwide, according to a published report.
And separately, security services provider SecureWorks yesterday reported an 85 percent increase in the number of attempted hacks on its health care clients: from an average of 11,146 attempts per client each day during the first half of 2007 to 20,630 per client through January of this year.
Tenet Healthcare Corp., meanwhile, sent out letters last week to potential victims who had been patients at its 54 hospitals nationwide. Ex-Tenet employee Terence Brooks, who had worked at the health care firm’s Frisco, Texas, billing center, was arrested last November for attempting to get a credit card using stolen information from his job. He reportedly stole the names, Social Security numbers, and other personal data of around 90 Tenet Healthcare patients. The billing center processes around 4 million accounts in all.
Brooks was sentenced to nine months in prison after pleading guilty last month to multiple counts of fraudulent use and possession of ID information. Now other Tenet patients whose data he may also have compromised are scrambling to check credit reports and fraud alerts.
"What's challenging in this situation is there was an employee intent on committing fraud," a Tenet spokesman said. "No company can prevent that, but we can have practices in place to immediately address it when it does occur, and that's what we did."
SecureWorks, meanwhile, says health care firms are seeing a spike in attacks due to the volume of personal data they store, as well as the increase in client-side attacks occurring overall.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024