Why Hackers Are Going 'Downmarket' in Their Attacks
Michael Hamilton, CISO of Critical Insight, on Evolving Healthcare Security Trends
Hackers are going downstream in their attacks on healthcare sector entities and their vendors because in many cases, these cybercriminals have already hit up the larger players, says Michael Hamilton, CISO of security firm Critical Insight.
"The criminal elements seem to be going downmarket to smaller organizations, which makes sense because they don't have the kind of resources that can help them meet regulatory requirements and have the appropriate controls in place," he says.
The attackers also have started to focus heavily on compromising third-party vendors that handle large volumes of patient data on behalf of smaller healthcare entities, he says.
These include firms that process payments and collections for the healthcare sector. "They have records from 30-plus hospitals … so, it's one-stop shopping," he says. "We see this going downmarket to clinics and going sideways to third parties."
In this video interview with Information Security Media Group, Hamilton also discusses:
- Other emerging health data breach trends;
- What makes healthcare organizations and their vendors so vulnerable to hacking incidents;
- Advice to healthcare sector entities.
One of Critical Insight Security's founders, Hamilton has 30 years of experience in information security as a practitioner, consultant, executive and entrepreneur. As a former CISO for the city of Seattle, he managed information security policy, strategy and operations for 30 government agencies. Prior to that, he was the managing consultant for VeriSign Global Security Consulting, providing expertise for hundreds of organizations, from Fortune 100 to small private colleges, and in nearly every sector. He is former vice chair for the DHS State, Local, Tribal, and Territorial Government Coordinating Council and recently served as a policy adviser for the Washington state office of the CIO.