Quest Diagnostics, a large medical diagnostic and laboratory services provider, has been breached, potentially impacting tens of millions of patient records. In accordance with HIPAA, fines can range from $100 to $50,000 per record lost if there was non-compliance. This means that, at a minimum, Quest could be fined $1.2 billion if it is found to have violated HIPAA. Increasingly, other regulatory regimes are imposing fines for lost records as well. While we don’t yet know in detail how this happened, there are some important points to consider.
- Security over confidential data needs to be employed at multiple levels. No single tool is good enough. Software that manages electronic health records and access control is important, but it can’t protect against stolen credentials.
- Part of protecting this data means controlling the flow of data to any entities that are external to the organization. Every company has trusted partners, but that doesn’t mean an organization’s networks need to be open to the world. Firewalls updated with the latest threat intelligence to block communication with known criminal networks are essential. These rules need to be constantly updated against the latest threats.
- Phishing and various forms of impersonation attacks are frequently used against healthcare targets in order to compromise credentials. Many of those phishing sites are known; they just need to be loaded into an organization’s infrastructure so that they are blocked. DNS servers provide a valuable resource for blocking phishing and malicious websites, so users who do mistakenly click on a phishing link still won’t reach the attacker, immediately stopping the attack.
What’s the key to this? Using the latest intelligence on known threats requires automatically updating your firewalls and DNS servers against those threats. ThreatSTOP curates hundreds of sources of intelligence to stop these attacks. To learn more, try a 14-day free trial or request a quick demo below to learn how we can protect you against these threats.