Despite high-profile hack attacks, like the Anthem breach in which cybercriminals exposed 80 million medical records, the health-care industry continues to shortchange Americans when it comes to protecting their data. That's the key takeaway from a new cybersecurity report from Forrester.
"When it comes to preparedness, they're woefully behind and that, to me, is the most concerning thing," said Forrester analyst Stephanie Balaouras.
"They've done it begrudgingly and they've done it as something that they need to comply with at the lowest possible cost, as opposed to something they really embrace," she said.
"The focus, to date, has really been more on achieving HIPAA compliance rather than overall privacy," Balaouras said. (The Health Insurance Portability and Accountability Act, known as HIPAA, provides federal protections for personally identifiable information held by providers and their associates, and gives patients certain rights regarding that information.)
As much as innovations in health care and connected devices — from GPS-enabled asthma inhalers to wearable tech tattoos that monitor vital signs — mean improvements in human health and longevity, they also mean more ways cybercriminals can steal private data.
The data can be extremely valuable. Stolen credit cards sell for just a few dollars on the black market, but electronic health records can fetch as much as $50 each. "When you think of a medical record, it encompasses a lot of the same personally identifiable information that a cybercriminal might gain from breaching a retailer," said Balaouras. "But now, they also have more extensive medical information about you."
Forrester predicts that in 2016 hackers will release ransomware for a medical device or wearable.
And unlike credit card theft, which can be quickly resolved, medical identity theft can have long-term effects on individuals personally. "Now your medical record has been corrupted, somebody thinks you've got a certain diagnosis when you don't, or you've been on certain medication when you haven't, so it can have not just financial consequences, but also medical service consequences down the road," Balaouras said.
"Hackers are carefully picking their victim organization, learning its businesses, understanding its partner relationships, and testing for weaknesses and vulnerabilities. To make a lot of money stealing and monetizing personally identifiable information, a cybercriminal organization will want to steal as many records as possible," wrote Forrester in a report looking at the world's biggest consumer data breaches.
Over the last 14 months, the five biggest breaches accounted for 77 percent of all breached records, and the Anthem Blue Cross Blue Shield breach is second only to Home Depot in terms of the number of victims. Premera Blue Cross also made the top five — a September 2014 hack attack breached 11 million customer records.
Yet insurance companies, hospitals and doctors allocate an average of just 14 percent of their IT budgets to security. By contrast, other industries, many of which are far less attractive to cybercriminals, are investing upward of 20 percent. "They haven't really thought about themselves as an actual cybersecurity target, I just think, from an overall budget perspective," Balaouras said.
"The fines are getting bigger every year," Balaouras said. New York Presbyterian Hospital and Columbia University agreed to pay the Office for Civil Rights, part of the Department of Health and Human Services, $3.3 million and $1.5 million, respectively, for failing to protect thousands of medical records in 2014.
"There are also reports that the Office of Civil Rights (OCR), which enforces the Health Insurance Portability and Accountability Act (HIPAA), has a significant pipeline of unprecedented settlement agreements," wrote Forrester.
In light of the rise in hack attacks and the Anthem breach, Forrester has this advice to the industry: 1) adopt two-factor authentication for access to databases containing sensitive patient information; 2) use behavioral analytics to identify suspicious behavior and encrypt data; 3) realize that identity protection is no longer a good enough mea culpa.
DHHS declined to comment for this story. A spokesperson for Anthem said there is no evidence that medical information such as claims, test results, or diagnostic codes, was targeted or obtained. Instead, the data accessed may have included names, dates of birth, Social Security numbers, health care ID numbers, home addresses, email addresses, and employment information, including income data.
This story has been updated to add a comment from Anthem.