You are here


A Vulnerable Industry

An estimated 30 million healthcare records have been compromised to date. Data breaches in the healthcare sector result from device theft, employee negligence, or penetration of networks by complex, evasive threats, such as advanced targeted attacks. While healthcare organizations are held to strict standards of privacy and security by HIPAA, HITECH, HIMSS, and other regulations, they are faced with multiple security challenges — ranging from increased collaboration among healthcare providers and partners to informal BYOD policies to outdated security defenses.

In the cyber underground, healthcare data records are highly prized. While credit card information typically fetches $1 per record, a protected health information (PHI) record, which contains a full identity profile, including a Social Security number, is worth 20 to 50 times as much.

“The healthcare sector accounts for 43.8% of the total breaches on the 2014 Identity Theft Resource Center Breach List.”

Identity Theft Resource Center

Challenges: High-Value PHI at Risk

  • PHI is shared
    Patient records are routinely shared within and outside the walls of a healthcare organization. For example, a hospital may circulate PHI with insurance companies, other medical groups and clinics, labs, and partners—and these third parties may not have effective security defenses in place.
  • Threats are customized
    Today’s modern threats are targeted, sophisticated, and evasive. Most are able to bypass signature-based defenses with a slight change in code that alters the threat’s fingerprint. Spear-phishing emails in particular are a challenge for healthcare organizations.
  • Personal devices are used
    Employees often use unsecured personal devices to move data. Some healthcare organizations lack clearly defined BYOD policies and security controls. Employees may use non-corporate laptops or PCs to email sensitive patient data via unsecured networks or share it on Dropbox or other unauthorized cloud services.
  • Endpoints are under-secured
    Attackers are targeting endpoints as a way into the infrastructure. Once an unsecured healthcare worker’s PC is compromised, threats can spread across the network and find their way to servers containing valuable PHI data.
  • IT departments are under-resourced
    Healthcare organizations are devoted to health and wellness, so security sometimes takes a backseat. IT teams are stretched thin and are challenged to keep up with security patches, leaving systems vulnerable to attackers.
  • Devices are lost or stolen
    According to Verizon, 46% of data breaches in the healthcare sector result from theft or loss of laptops and other devices.

Bromium: The Endpoint Security Remedy

Bromium’s revolutionary isolation approach is far more effective than detection-based solutions like antivirus, whitelisting, Web gateways and sandboxes. Instead of trying to keep up with malicious actors, healthcare organizations can render attacks irrelevant by eliminating the attack surface.

  • Prevent breaches
    Our breakthrough isolation technology creates a disposable micro-virtual machine for vulnerable operations, like Web browsing or opening documents or attachments. Tasks are isolated from the host system, so there’s no need for detection or behavioral analysis—and the possibility of compromise is eliminated. If malware is on the website or in a document, it is contained in our micro-virtual machine, and it is discarded when the task or session is complete, so your endpoint, your network, and your infrastructure are not compromised.
  • Click on anything
    Hospital workers and other healthcare professionals can access the tools and technologies they need to deliver the best possible care and services. They can share documents, open attachments from third parties, and work from any location without having to worry about the security or privacy of PHI.
  • Streamline security
    Busy IT departments at healthcare organizations no longer drown in a sea of false alerts. Urgent security patching and remediation is also dramatically reduced, freeing up IT’s time for more strategic projects.

Experience Bromium

See how organizations are using the most advanced security platform in the world to put an end to data breaches.

Request a Demo Today