Point of sale terminals are the most common target in breaches in the health care system, even as health care professionals focus more on protecting data privacy than payment systems, according to Verizon’s 2013 Data Breach Investigations Report (DBIR).
Some 64 percent of such breaches in the health care system focus on point of sale terminals while only 38 percent target desktops or workstations, according to the report. Criminals easily prefer attacking point of sales terminals in the healthcare industry over going for healthcare documents, the data show.
“The health care area is very used to the patient-privacy aspect of securing the data and may not be paying too much attention to their payment systems,” said Suzanne Widup, senior analyst on the Verizon Risk Team. “We find that the health care breaches act a lot like retail breaches in as much as that it’s the organized crime groups going after the payment chain, so they’re looking for the credit cards and the Social Security numbers they can turn into money.”
The study also showed that 75 percent of all cyber attacks were motivated by the prospect of financial gain. Some 37 percent of all security breaches target financial organizations, while 24 percent targeted restaurants, the study also revealed.
Saying that companies or institutions need to figure outÂ what attackers might need from them, Widup believes itâ€™s important for logging systems to be set in place to determine circumstances that might lead to theft or fraud.
If financial gains are the main incentives for attacking an organization, they should fend off attacks by defending against attacks on their payment systems, Widup says. She also said administrative passwords should be changed regularly and that regular security patches for known vulnerabilities should be issued by POS software vendors.