Hackers Breach Biotech Companies’ Email – How Do CIOs Protect Against Such Data Theft?


Dec 8, 2014 TigerText

By: Sean Whiteley; TigerText Chief Operating Officer

Most people, CIOs and network IT staff included, think that email is one of the most protected work assets they use. With strict login protocols resting on a secure corporate network, one has to be safe, right?

Wrong. In a recent news article, the New York Times pointed out how hackers are learning new tricks to get people to hand over their company username and password, as the hackers quietly raid their inbox for critical information and documents.

It’s All Fines

This hacking attack poses a real problem for many of the companies involved, particularly because most of them are in the healthcare industry. This industry includes several organizations – clinics, doctor offices, hospitals, medical device and pharmaceutical companies and several others – that have to meet HIPAA compliance requirements for data security and protecting PHI.

The New York Times article shares, “Half of these companies fall into the biotechnology sector; 13 percent sell medical devices; 12 percent sell medical instruments and equipment; 10 percent manufacture drugs; and a small minority of targets include medical diagnostics and research organizations, health care providers and organizations that offer health care planning services.”

In addition to the theft of critical and confidential company information, these breaches may have opened these companies up to significant fines from the U.S. Department of Health & Human Services Office for Civil Rights (HHSOCR) who enforces the HIPAA laws, which govern these healthcare industries.

Even though the files that were taken were standard types of communication documents such as safety reports, internal documents about investigations and audits and information protected by attorney-client privilege, these documents are critical to a company’s public image and create a legal liability with their customers, vendors, shareholders, and of course, the government.

Using a More Secure Channel

“It is situations like these the weakness of email systems becomes apparent. Using a compliant and secure messaging platform such as TigerText can prevent this type of data theft though,” said Brad Brooks, TigerText co-founder and CEO.

TigerText is a cross-platform solution, meaning it can be accessed on desktops as well and mobile devices, making it easy-to-use in an enterprise environment. But unlike email, secure messaging systems such as TigerText protect the data – be it a message or an attached file or image.

Messages and attachments are encrypted so if a device is hacked, lost or stolen, the messages and attachments cannot be read. Also, messages and attachments auto-delete after a set period of time and can be remotely wiped, preventing a hacker from being able to access or capture the messages.

What is frightening about these hacking attacks though, is the sophistication about them – they used social engineering to gain access to private emails and file attachments. And this is not the first time this has been done, and will not be the last time.

Companies – and their respective CIOs – must step up their IT security infrastructure and processes and look to new tools such as secure messaging. Protecting company data, patient data in particular, is crucial, hence why healthcare and biotech companies must insure complete data protection to avoid hacking, HIPAA fines and possible legal issues.

Using HIPAA compliant secure messaging as one of the critical data communication channels will help protect everyone from future hacking attacks. Had these biotech companies used a solution with encryption, and the ability to set message lifespans and remote wipe devices, it would have been very hard for these set of hackers to get the documents they were looking for, or even if they gain access in the first place.

 

Download Top 10 Questions to Ask Before Selecting a Secure Messaging Solution to learn more about the benefits of secure texting.