Partners Health Care breach: Here comes the flood

Breaches at Premera, Anthem were predicted to mark the start of a wave of attacks going after medical records.

A phishing attack that led to the compromise of patient information at Partners Health Care could be the start of a predicted flood of such attacks against healthcare providers.

The breach, discovered Nov. 25, 2014, exposed the group's email accounts to the attackers. A notice posted by Partners says some of the emails compromised contained "names, addresses, dates of birth, telephone numbers, and, in some instances, Social Security numbers, and some of our patients' clinical information, such as diagnosis, treatment received, medical record numbers, medical diagnosis codes, or health insurance information."

The notice didn't say how long the attackers were active on the network, but reports say the group is notifying 3,300 patients that their information was accessed.

The Partners system is affiliated with Brigham and Women's Hospital, Brigham and Women's Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital, all in Massachusetts.

The lure of health care data is two-fold. First, experts say the medical records are worth 10 times what stolen credit card numbers bring on the black market. That means a less-successful attack in terms of numbers of records stolen could be worth much more to the criminal who carries it off.

Health records can be used to file phony medical claims, which can run into thousands of dollars. Unlike stolen credit card numbers, which can be exploited only until they are canceled, the information can be used over and over to open new credit card accounts.

Detailed records can also be used to build user profiles that can be used to access financial accounts.

Second, the information is valuable intelligence about individuals that the attackers may be interested in. For example, in the Anthem and Premera breaches, both providers insured large numbers of federal employees, so attackers might have gained information another nation could use to coerce individuals.

For these reasons, experts predicted earlier this year that more of the same was coming. The FBI even sent out this warning to health providers, according to Reuters: "The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely."

And now it looks like they might have been right.

What to do?

For those who have been notified their data was compromised, check online financial accounts frequently for suspicious activity. Monitor notifications from insurers about claims filed to be sure they are legitimate.

For providers who have been hit, hire help to figure out how the breach occurred and take steps to block future incursions. Make sure malware installed during the breach is found and wiped out. Invest in new security that better meets industry defense standards.

Still, the immediate future likely holds more health-data breaches, according to the 2015 "Data Breach Industry Forecast" published by Experian. "Reported incidents may continue to rise as electronic medical records and consumer-generated data adds vulnerability and complexity to security considerations for the industry," the forecast says.

Copyright © 2015 IDG Communications, Inc.