Hackers often carry out massive cyberattacks to gain access to financial data through banks and retail companies, but this week's cybercrime hit a seemingly new target: medical data, taken from the health insurance company Premera Blue Cross. The attack affected 11 million patients, making it the largest cyberattack involving medical information to date.
The healthcare industry has been catching hackers' attention lately. In February, the health insurance company Anthem reported a breach in which hackers accessed to about 80 million records, and in 2014, the Tennessee-based hospital operator Community Health Systems saw 4.5 million records accessed, though both companies said no medical data was exposed. Even so, as Pat Calhoun, the senior vice president of network security at Intel Security, puts it, the healthcare industry is just beginning to find itself in cyber-criminals' crosshairs, making it slow to shield people's records.
"The healthcare industry is not immune to attacks," he told me. "It's really a wake up call for manufacturers and healthcare providers to understand how to minimize the impact on security challenges."
Calhoun points out that healthcare breaches aren't unheard of: In fact, according to Intel Security and the Atlantic Council's latest report on cyber risks, about 44 percent of all registered data breaches in 2013 targeted medical companies, with the number of breaches increasing 60 percent between 2013 and 2014. Those numbers may seem larger than expected—how often do healthcare breaches make the news?—but Calhoun tells me that these reported medical-company breaches happen on smaller scales, affecting far fewer people than attacks on banks and government data.