Healthcare is one of the biggest targets for hackers to obtained consumers sensitive data information. Hackers are targeting healthcare organizations with ransom ware, misconfigured cloud storage buckets and phishing emails. There are several healthcare breaches that has occurred all over the United States in just 2017 and 2018 alone. One was from the Florida’s Agency of Healthcare Administration, an employee fell for a malicious phishing email, which allowed hackers to access Medicaid enrollee data, including Social Security numbers. 30,000 patients information may have been affected by the breach due to a malicious phishing email in November 2017. Some data that was taken was date of birth, address, diagnoses, and medical conditions. The agency discovered the event and reported it immediately to the inspector general. The inspector general took protocol and corrected the issued (didn’t explain how it was resolve) but did mention that test were ran and no other systems or email accounts were part of the incident. After the breach, the agency required all employees to change login credentials and implemented new security training along with ongoing training to improve its security. The training allowed all employees to know what to look for and what not to do.
For the consumer, they offer a year free of credit monitoring.
The implications of this security breach from the user and company perspective was that security knowledge needed to be train and retrain. That it was just that easy for someone to gain information by sending an email and an employee opening it and not being aware. Phishing emails are done more and more by hackers because it can easily be done. Something that I have learned from this incident is that without proper training and knowledge of what to be aware of it, it can happen to anyone. I worked for a company, State Farm, who requires us to go through testing by sending us test phishing emails, we also have to go through security knowledge training yearly as well. We also have to change our password every three months. In the healthcare industry and with this the company, I do believe it is very much likely for it happen again. As new employees come to work, if not properly trained or just not following policy and procedures, the same mistake can happen. No additional insights, but I’m sure a network specialist will need to be up to date on the knowledge of any forms of hacking and what to do to help mitigate any issues. (Davis, 2018)
Davis, J. (2018). Hackers expose data of 30,000 Florida Medicaid patients. Retrieved from Healthcare IT News: https://www.healthcareitnews.com/news/hackers-expose-data-30000-florida-medicaid-patients