This week’s news of the reported data breach at Premera Blue Cross is yet another example of how valuable healthcare data is, and why the traditional network-centric approach to security is no longer sufficient.
Beyond the estimated 11 million stolen medical and clinical records, the origins of the attack are also noteworthy. It appears that the attack can be traced back to Chinese cybercriminals. A Chinese hacking group known as “APT18” was also implicated in the Community Health Systems (CHS) breach. Is this the start of a trend? It could be, as the Chinese government has stated that one of the country’s key objectives over the next decade is to rapidly advance its healthcare system. One way to accomplish that goal is to use cyberespionage to gain intelligence on U.S. healthcare systems, equipment and clinical trials.
The lesson here is that cyberattackers are persistent and relentless, and have plenty of time to find the path of least resistance – which is often a forgotten website or an insecure application. Therefore, CISOs should address weak points throughout their application infrastructure.
In working with the FBI, Premera will eventually fully understand how the breach occurred and who the perpetrators are. However, if speculation is correct, and the criminals are in China, it will be next to impossible to prosecute them – especially if the attack was state-sponsored. While working with law enforcement is an important part of breach response, in many cases it will not result in justice. Also, once the damage is done, there is no putting the toothpaste back in the tube. That is why enterprises need to focus on preventing the breach in the first place, and the best way to accomplish this is by securing all their applications.