Health Care Point-of-Sale Breaches a Rising Concern: Verizon

Verizon’s 2013 Data Breach Investigations Report found that financially driven cybercrime underscored 75 percent of the incidents detailed in the study, and Verizon Risk Team analyst Suzanne Widup warns that healthcare organizations risk these kinds of breaches for copayment and credit card transactions. “Healthcare breaches act a lot like retail breaches in as much as that it’s the organized crime groups going after the payment chain, so they’re looking for the credit cards and the Social Security numbers they can turn into money,” she says. Hackers are more motivated to exploit payment point of sale systems than actual electronic health records, as such systems may not have as heavy a focus on security, Widup notes. She suggests that healthcare organizations must determine their level of readiness for financial breaches in view of the final omnibus rule for the Health Insurance Portability and Accountability Act requiring risk assessments. Widup says there is a clear need for organizations susceptible to financially motivated attackers to bolster their defenses for payment and billing systems. Verizon recommends that organizations frequently change their administrative passwords on POS systems, avoid using POS systems for Web browsing, and ensure the POS app’s compliance with the PCI Data Security Standard.

[divide]

From “Health Care Point-of-Sale Breaches a Rising Concern: Verizon”
eWeek (04/23/13) Horowitz, Brian T.