
Why Hackers Are Going 'Downmarket' in Their Attacks

Michael Hamilton, CISO of Critical Insight, on Evolving Healthcare Security Trends

Hackers are going downstream in their attacks on healthcare sector entities and their vendors because in many cases, these cybercriminals have already hit up the larger players, says Michael Hamilton, CISO of security firm Critical Insight.


"The criminal elements seem to be going downmarket to smaller organizations, which makes sense because they don't have the kind of resources that can help them meet regulatory requirements and have the appropriate controls in place," he says.

The attackers also have started to focus heavily on compromising third-party vendors that handle large volumes of patient data on behalf of smaller healthcare entities, he says.

These include firms that process payments and collections for the healthcare sector. "They have records from 30-plus hospitals … so, it's one-stop shopping," he says. "We see this going downmarket to clinics and going sideways to third parties."

In this video interview with Information Security Media Group, Hamilton also discusses:

  • Other emerging health data breach trends;
  • What makes healthcare organizations and their vendors so vulnerable to hacking incidents;
  • Advice to healthcare sector entities.

One of Critical Insight Security's founders, Hamilton has 30 years of experience in information security as a practitioner, consultant, executive and entrepreneur. As a former CISO for the city of Seattle, he managed information security policy, strategy and operations for 30 government agencies. Prior to that, he was the managing consultant for VeriSign Global Security Consulting, providing expertise for hundreds of organizations, from Fortune 100 to small private colleges, and in nearly every sector. He is former vice chair for the DHS State, Local, Tribal, and Territorial Government Coordinating Council and recently served as a policy adviser for the Washington state office of the CIO.

About the Author

Marianne Kolbasuk McGee


Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.
