This year, Reuters reported that the FBI released a private notice to the Healthcare industry warning the providers that their cybersecurity systems are weak as compared to other sectors. According to a survey done by the Ponemon Institute, 72% of healthcare organizations say that they are either somewhat confident (32%) or not confident (40 %) at all in the security and privacy of the patient data shared through the HIEs. Personal information found in healthcare records has a high price on the black market, which makes any company that stores such data a tempting target for attackers. This data includes names, Social Security Numbers, birth dates, telephone numbers, member identification numbers, e-mail addresses, and mailing addresses. In the Premera breach, allegedly, medical claim information, including clinical information, was also compromised.

There are so many ways to misuse medical data. For example, Social Security Numbers and mailing addresses can be used to apply for credit cards or to get around corporate antifraud measures. This explains why attackers have targeted U.S. health insurance providers recently. On March 17, 2015, Premera Blue Cross disclosed that the personal details of 11 million customers had been exposed to a hack discovered in January. In February, Anthem, another health insurance provider, stated that 78.8 million customer and employee records were accessed as a result of an attack. Credentials including Social Security Numbers can be sold for a couple of hundred dollars since the lifetime of this data is much longer in comparison to pilfered credit card numbers. Typical targets, such as Finance and Retail, are now more protected from cyber attacks as they have been targeted for decades, but the Healthcare industry is less secured and may bring more profit to an attacker. For instance, the medical claim information, which attackers in the Premera breach accessed, could be used to blackmail victims (according to Jeff Schmidt, the CEO JAS Global Advisors, an IT security firm). Attackers can use sensitive clinical data, such as poor test results, and e-mail patients threatening to make the information public unless a ransom is paid.

We expect the number of breaches in the Healthcare industry to increase. Healthcare organizations face the challenge of securing a significant amount of sensitive information stored in their networks, which combined with the value of a medical identity string makes them an attractive target for cybercriminals.


If your company is in the Healthcare industry, we can help you secure your ERP systems and mission-critical applications. ERPScan, a multi-layer security monitoring suite for SAP and Oracle applications, takes care of business and technical layers, controls security settings in various systems, and analyzes them according to compliance guidelines. ERPScan allows companies to address the challenges specific to the Healthcare industry and to reduce the costs of compliance significantly. Using ERPScan’s preconfigured templates for SAP Healthcare module, companies can assess their systems and monitor weak areas with any level of detail on a scheduled basis. ERPScan Smart Cybersecurity Platform for SAP contains a library of 120+ rules for specific access control checks in SAP systems.


Most Innovative Enterprise Security Solution according to CDM 2017
“Monetizing medical data is becoming the next revenue stream for hackers.” Fred O’Connor, IDG News Service, 20 March 2015
The potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually. By Fourth Annual Benchmark Study on Patient Privacy & Data Security,” Ponemon Institute, March 2014

Interested? Request demo now

Contact us today.

    Select your country:

    Subscribe me your to mailing list