Marti Arvin, CynergisTek’s VP of Audit Strategy, recently sat down with Marianne McGee of Healthcare Info Security and exchanged some comments about yet another large breach caused by a hacking incident. On October 25, 2018, Bankers Life announced the fifth largest reported breach this year that involved personal health information of 556 thousand individuals. Below is the full interview.
Marianne: We’ve seen a lot of large hacker attacks on health plans in the past (Anthem, etc.) and now the latest with Bankers Life. Why do you think hackers are drawn to attacking health plans and other insurers?
Marti: It is a little difficult to say without knowing the full facts. Cyber attackers seem to go after the holders of large amounts of sensitive data, which, if they are successful in compromising, would yield high rewards. Health plans are key holders of such information. It is unclear based on what has been publicly reported whether hackers are more attracted to health plans over other players in the healthcare industry who may also have vast quantities of such information.
Marianne: If the Bankers Life incident did indeed involve phishing, why are employees still falling for these scams? For instance, are attackers increasingly clever in tricking users? Any particular technologies that are best at potentially helping “stop” a breach even if a user does fall for a phishing scheme? Any other suggestions for preventing these kinds of breaches? Any insight is appreciated.
Marti: Hacking is growing at a very fast pace. With just one click a user’s credentials can become compromised, allowing the hacker to get additional users’ personal information as well. Such emails appear to be coming from a legitimate, known source, which may account for the additional users clicking on it. Good data segregation, data loss prevention software, and other tools that may allow for quick detection may help minimize the breach impact. Using technology that alerts users when an email comes from an outside source may help them pause before clicking. Of course, continuous education and awareness are also key.
Marianne: Any other recent observations about this particular hacking incident or health data breaches involving hackers in general?
Marti: Having technology solutions that help prevent the hacker from getting into the system in the first place is the first line of defense. But we continuously have to educate our employees and peers about the potential risks of cyber-attacks and how easily hackers can target people by phishing emails.
To learn more about the Bankers Life incident, read this article from HealthInfoSecurity.com.