Smaller Healthcare Organizations: The Next Breach Target?
Symantec's David Finn Discusses New Cyberthreat Study Findings
Clinics, laboratories, durable medical equipment suppliers and other smaller healthcare entities need to bolster their breach preparedness as cyberattacks against smaller entities in all sectors continue to multiply, says David Finn of Symantec, who discusses findings from a new report by the security vendor.
No organization, regardless of size, is immune to the surge in cyberattacks, including those involving ransomware, Finn says in an interview with Information Security Media Group.
"There used to be a thought process that if you were small or rural, you might be exempt from this," he says. "But one of the findings in the report is that attacks on small businesses are increasing, and they are probably the least able to deal with these attacks. So, obviously the bad guys go for the easiest targets."
Larger hospitals, integrated delivery systems and payer organizations had been the main targets for cyberattacks in the healthcare sector, he notes. Two significant examples are the recent suspected ransomware attack on 10-hospital healthcare system MedStar Health and last year's hacker attack on health plan Anthem Inc.
But now, "we're beginning to see more attacks on physician practices, clinics, reference labs, and durable medical equipment providers," he says. "The [stolen] data all goes to the 'dark web' and is available for the right price."
In the interview, Finn also discusses:
- The surge in zero-day vulnerabilities and other findings from the Symantec Internet Security Threat Report, which is based on an analysis of cyber threat data collected in 2015 from Symantec's Global Intelligence Network, consisting of more than 63.8 million attack sensors monitoring threat activity in over 157 countries and territories;
- What's behind the recent uptick in ransomware and other malware attacks in healthcare and other sectors;
- The risks associated with nation-state attacks;
- Steps healthcare organizations can take to better defend against these and other evolving cyber threats.
Before joining Symantec, Finn was the CIO and vice president of information services for Texas Children's Hospital, where he also previously served as the privacy and security officer. Earlier, Finn spent seven years as a healthcare consultant with Healthlink - formerly IMG - and PriceWaterhouseCoopers. Finn has more than 30 years of experience in the planning, management and control of information technology and business processes.