I think I can speak for everyone when I say I can’t wait for spring to finally arrive. After a long, cold winter, April brings hope for warm weather, outdoor activities and, for some, planning an upcoming summer vacation. With just a few clicks, you can search and plan an entire trip on an online travel website and book the dream vacation for you and your family in minutes.
Unfortunately, the new reality is that all online data is at risk. From the Sony hack in 2014 to the latest Orbitz travel website breach, data hackers continue to lurk everywhere. Healthcare needs to make security a top priority, as data hackers and cybercriminals are a serious threat. Before you book your next vacation, let’s take a look at the latest breach at the Orbitz travel website.
Overview of Orbitz Breach
Orbitz recently announced that as many as 800,000 payment cards used on Orbitz.com between January 1, 2016 and June 22, 2016 may have been breached. In addition, customer information from multiple travel sites that used Orbitz as their booking engine was possibly compromised as well. One of the major affected sites was American Express’s travel site, Amextravel.com.
The current Orbitz site was not involved, but the information that was likely accessed could include the customer’s full name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender. Expedia, Orbitz’s parent company, is notifying all customers and partners that could have been affected by this breach. In light of this tragic cyberattack, Orbitz has created a website where customers can find out more about the breach and whether their information may have been compromised.
The Cost of a Breach to Your Organization
All online data is at risk, but healthcare data is both unique and especially valuable, making it a prime target for cybercriminals and hackers. While information such as social security numbers is a commodity and may sell for $1 on the black market, electronic health data sells for $50 per chart, according to the FBI Cyber Division. By attacking healthcare organizations, cybercriminals can access medical records as well as personal data like social security numbers and credit card information. Aside from the abundance of data that can be stolen, a breach will also cost your organization a significant amount of money. A global study from the Ponemon Institute shows that the average cost of a data breach is $3.62 million. The study also notes that a criminal or malicious attack – the most common type of breach in healthcare – is costlier than a breach caused by a system glitch or human error. That’s not all – healthcare still has more to think about compared to other industries. While it is estimated that the average cost per lost or stolen record is $141 across industries, the average cost per stolen record in healthcare is $380.
3 Key Takeaways for Healthcare
In light of the Orbitz breach, we have compiled three key takeaways that healthcare can learn from this cyberattack.
Understand the Vendors You Are Working With (And Their Vendors, Too)
A key way to limit the risk to your network is to consolidate the number of vendors you work with. The more you can eliminate handoffs with your data, the less likely that data is to be compromised by hackers. When selecting vendors, ask to see their security and compliance certifications – do not simply trust a vendor who self-attests to being compliant and secure. Here are the certifications you want to look for when selecting a vendor.
Use a P2PE Validated Solution to Keep Credit Card Data Off Your Network
We talk a lot about point-to-point encryption (P2PE) because it is crucial for protecting payment data from being exposed and intercepted by hackers. If you use a PCI-Validated P2PE solution, you can keep credit card data off of your network completely, which not only protects payment data from exposure but can also reduce your PCI compliance efforts. Only P2PE solutions listed on the PCI SSC website are PCI-Validated.
Regularly Scan Your Network for Vulnerabilities and Patch Your Systems
Web vulnerabilities are prevalent: in 2016, 76% of scanned websites had vulnerabilities and over 229,000 attacks were blocked per day. If you regularly scan your networks for vulnerabilities, you can detect threats sooner and move faster to prevent attacks. Read Symantec’s report for a full understanding of internet security threats. Along with regular network scans, your organization should also consider patching your systems. A patch is a piece of software designed to update a program, or its supporting data and operating system, to fix or improve it. Patches can protect your systems from harmful threats lurking on networked devices. You should always apply patches as soon as possible, or else risk exposure to hackers, which can result in a massive breach.