How the breach happened is unknown and is currently being investigated by the FBI.
However, the target is no surprise to cyber security expert Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF) headquartered in New York City.
“Health care companies and hospitals are attractive targets for cyber criminals,” says Caruso. “The amount of data and the type of data that these kinds of organizations store combined with the number of people they employ creates an environment that is ripe for data leaks.”
GDF provides cyber security advice and protection services to government, banking, health care, education and corporate clients. In many cases, the companies surround themselves with expensive perimeter security systems but fail to consider weaknesses inside the organization.
“The biggest problem is really user issues,” says Caruso. “You can do everything possible, buy the best products available to protect data but if the system users are not educated, monitored and controlled, you are going to have data leaks.”
Caruso regularly counsels organizations on the need to make employees with access to sensitive data alert to, and aware of, the danger of opening doors to strangers.
“Employees need to be educated; you need to implement awareness campaigns and keep them informed about what is going on,” says Caruso. “Organizations need controls to keep employees from doing things like hooking their iPhones up to the hospital network or plugging their home laptop into the corporate network. Those types of things are a real danger.
“Hospitals are even more susceptible because they have a lot of employees with different access levels. Maintenance people and cleaners for example move freely throughout the hospital and have access to computer terminals and that is all problematic. Doctors want to be administrators of the network because they feel like they should,” says Caruso. “These are the kinds of situations where leaks can occur.
“The other issue we have to grapple with is government databases,” says Caruso. “We are seeing health care companies getting hacked, private companies getting hacked and financial institutions hacked. However, I am fairly certain that county and state government agencies are compromised. They just don’t have the money to keep up with the changing technology and they are prime targets because they also have a lot of valuable information in their systems.
“Cyber security is a really new issue, and it is really escalating,” says Caruso, who offers expertise in a clear and easy-to-understand way.
“This is a whole new kind of warfare. People used to throw sticks and stones at each other and then the invention of steel and gunpowder. Then there was the atomic bomb, and now this.
“This is something everyone needs to take very seriously,” he says.
A 2014 report by TrendLabs looking ahead to cyber security issues in 2015 and beyond identified several key areas for consideration. It predicted (and it is already coming true) that the number of cyber hacking incidents would increase dramatically.
Mobile payment methods, now becoming more and more commonly used, will also result in new threats to consumers.
“I talk to people all the time who don’t have a security system on their computer,” says Caruso. “They say, ‘it came with one but I didn’t want to pay the $29 to renew it.’
“You have to think of your computer the way you think of your wallet,” says Caruso. “Are you going to walk out of the house with your wallet on a park bench for an hour while you run into the store? People do that to their computers all the time. They open e-mails, go to websites without thinking about it, and hook up unsecured devices to the desktops all the time.”