Securing Patient Trust: Fortifying Healthcare with Identity Verification
2nd cyberattack in 4 months at Michigan Medicine leaks data of nearly 58,000 patients
"Michigan Medicine announced Thursday that it has been hit for the second time in four months by a cyberattack that targeted employee email accounts and compromised protected health information, such as the names, medical record numbers and diagnostic and/or treatment information of nearly 58,000 people. A Michigan Medicine employee accepted an unsolicited multi factor authentication prompt, which allowed the cyberattacker to access the employee’s email account and its contents."
Attackers Delight: Why Does Healthcare See So Many Attacks?
“The healthcare sector has become a prime target for cybercrime, given the amount of confidential data stored within systems,” Gregg Hardie, Public Sector Director at SailPoint explains. Sensitive health data has high value, up to nine times as much as banking information, and risks being held to ransom, released to the dark web, or sold to the highest bidder for whatever nefarious activities.”
Millions affected in major health data breach caused by a missing password
“A huge database containing sensitive customer information from the Mexican healthcare sector left unprotected online. According to Cybernews, the database contained sensitive information on more than five million people, leaking things like names, ethnicity, nationality, religion, blood type, birth dates, gender, phone number, email address, CURP (Mexican personal identification number), expenses, hospitals visited, and payment request descriptions.”
Colorado provider Axis Health System hit by ‘cyber incident’
“The provider, which offers primary care, dental services and mental healthcare, said its primary care patient portal is currently offline. Dubai-based cybersecurity firm HackManac said in a post on X that Rhysida, a ransomware group that has previously targeted the healthcare sector, claimed responsibility for the incident. The group is seeking a nearly $1.6 million ransom, according to the post.”
领英推荐
Community Clinic of Maui says 123,000 affected by May cyberattack
“The clinic, also known as Mālama, said the hackers had access to personal data between May 4 and May 7, stealing? information including Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates as well as troves of data on medical treatments. The hackers also stole routing numbers, bank names, financial account numbers and some biometric data. A total of 123,882 were impacted by the attack, which forced the clinic to take servers offline.”
Insights:
The healthcare sector is increasingly under siege from cyberattacks, with sensitive patient data at significant risk. The alarming frequency of these breaches is illustrated by Michigan Medicine's second cyberattack within four months, which compromised the personal health information of nearly 58,000 individuals. Attackers gained access through a multi-factor authentication (MFA) prompt mishandling, underscoring the vulnerability of secure authentication through simple but effective attack methods.
Healthcare data, with its high market value, remains a prime target for cybercriminals. Whether it's medical records, diagnostic information, or financial details, attackers leverage this data for ransom or illegal sales, which can have devastating consequences for both individuals and organizations. The recent Axis Health System breach, for instance, highlights the financial stakes, with a $1.6 million ransom demand following the exposure of a patient portal.
In response to growing security threats, leading healthcare providers are replacing both password-based systems and traditional multi-factor authentication with modern Identity Verification (IDV) solutions. IDV strengthens security by using biometrics and document verification to ensure only fully authorized personnel can access sensitive systems.
While IDV is the best defense against these security threats, implementation can be complex, slow, and costly. This is why leading healthcare organizations are adopting IdRamp’s IDV Orchestration platform to simplify deployment without the complexities and high costs typically associated with custom verification workflows.
By automating Know Your Patient (KYP) and Know Your Employee (KYE) compliant identity verification, IDV Orchestration helps healthcare institutions reduce fraud, accelerate onboarding, increase security, and eliminate manual verification processes.
Integrating IDV into healthcare systems not only protects sensitive data but also ensures organizations can respond effectively to evolving cyber threats. With IDV Orchestration, healthcare providers can protect patient trust, minimize the risk of costly breaches, and maintain compliance with evolving regulatory demands. Contact IdRamp to learn how IDV Orchestration can help your organization.