Hackers Threaten Healthcare Data and Patient Care as Hospitals Endure Overload | Fornetix

Every industry is vulnerable to data breaches, but the healthcare industry has long stood out above the rest. This vulnerability may prove particularly damaging not only to Protected Health Information (PHI) during the COVID-19 crisis but also patient care.

59% of the U.S. population has already had their healthcare records stolen

According to, prior to COVID-19 hitting the globe, healthcare data breaches were already being reported at a rate of more than once per day. Protenus Breach Barometer reported that in 2018 the healthcare sector saw 15 million patient records compromised in 503 breaches, three times the amount seen in 2017. But by July 2019, that number had skyrocketed with potentially more than 25 million patient records breached.

Medical records contain valuable and sensitive personal data including social security numbers, insurance information, payment details, personal health records, and more. According to Experian, a patient’s full medical record can sell for up to $1,000. By comparison, Social Security numbers typically sell for $1 and credit card information for up to $110.

In early March, sources informed Reuters that hackers tried to break into the World Health Organization (WHO). While the attempt was unsuccessful, WHO Chief Information Security Officer Flavio Aggio warned, “that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus.”

Increased IoT-focused cyberattacks may impact patient care

As recently as November 2019, Threatpost, a leading source for IT and business security news, reported that IoT security woes were already plaguing the healthcare industry. “At least 82 percent of connected medical devices have been targeted in the past year, opening the potential for a variety of attacks, from highly sensitive information disclosure to denial of service (DoS) for critical devices,” a recent Xtelligent Healthcare Media survey found.

At the same time COVID-19 began accelerating in the U.S. in February, Elad Luz, Head of Research at CyberMDX, warned that “Healthcare organizations are increasingly experiencing IoT-focused cyberattacks.”

There are a number of vulnerabilities in the area of IoT and cybersecurity, but perhaps the most devastating are those that put people’s lives at risk. Many ailments are treated with cloud-based monitoring services or embedded IoT devices like those being used to treat patients with COVID-19.

Unfortunately, medically-necessary IoT devices can and are being compromised by cyberattacks capable of disrupting the delivery of lifesaving health services – putting people’s lives at risk – and with the projected increase in patients requiring medical interventions such as ventilation, IV pumps, anesthesia, and patient monitoring, the consequences could be devastating if the correct security measures aren’t in place.

Is the healthcare industry prepared?

Much of the global healthcare industry is understandably distracted by caring for the overwhelming number of COVID-19 patients. Combined with the surge in cyberattacks that have coincided with the rise of the virus, this leaves an already-taxed industry even more vulnerable.

Vulnerabilities to ransomware, malware, botnets, and online medical device attacks have seen a sharp rise due to numerous factors; the interconnectedness of hospital operations, close ties with third-party vendors, the rising complexity of hospital technology systems, and reliance on an extensive variety of connected networks.

Encryption is the most consistent security mechanism available for securing data and IoT devices. While many healthcare organizations are proactively encrypting data, even more, they are failing to properly manage the encryption ecosystem by regularly rotating their keys – a poor practice like having just one password across all logins or devices and never updating it. With real attacks impacting healthcare right now, it is critical that organizations place enhanced key management measurements into their cyber-defense protocol immediately.

How VaultCore™ can quickly help healthcare organizations secure critical personal data and patient care

Key management is at the core of making encryption a strong security tool. VaultCore by Fornetix® is a groundbreaking cybersecurity solution that unleashes encryption’s full potential by deploying and enforcing key management across an entire organization—across all devices. This unified approach allows storage and control of all encryption keys in all environments; whether it’s on-premise storage, virtualized, or cloud.

Delivered as a physical or virtual appliance, VaultCore can swiftly integrate with a healthcare organization’s existing infrastructure and current encryption strategy. This immediately decreases data loss, enables compliance with privacy regulations, effectively manages third-party risk, and protects the lives of patients. VaultCore automatically updates and secures the encryption keys necessary to decrypt data so it can be read. In short, when data is properly encrypted, it remains unreadable and therefore useless to the attacker because they’re unable to decrypt it. With industry-leading capacity, VaultCore allows medical devices to each be given unique encryption keys instead of relying on a single key for all devices. Additionally, VaultCore can verify the cryptographic integrity of data to ensure critical code has not been tampered with.

Backed by granular policy tools, intuitive access controls, and powerful automation, VaultCore is the only key management solution in the world that can manage hundreds of millions of encryption keys across every device, reduce human error, maintain compliance, and give the industry some much-needed peace of mind that every device that serves, stores, transmits, or collects patient or other critical data is protected to the fullest extent.


PRESS RELEASE: Fornetix Announces Key Orchestration™ Name Change to VaultCore™ and Launches Version 2.4

Improved features help VaultCore amplify its data protection capabilities

FREDERICK, MARYLANDFornetix LLC, an industry pioneer and leader in enterprise encryption management technology, announced today that they have changed their flagship key management solution’s name from Key Orchestration to VaultCore.

“Welcome to the future of encryption key management! We are excited to announce the VaultCore brand to better reflect the success of our patented, military-grade automated encryption key management solution. As sophisticated hacks continue to grow and make securing enterprise data more complex, VaultCore is designed to equip organizations to meet serious, and pervasive security threats with an interoperable, scalable, and highly secure system for easily managing encryption across all technology stacks,” said Mark Gilroy, Fornetix CEO.

With flexible deployment options including hardware or software appliances, VaultCore enables a unified approach to data security through leveraging and enforcing encryption across an entire organization. With unified encryption management, users can store and control all encryption keys across all environments, whether it is on-premise storage, virtualized, or in the cloud.

Fornetix has also released VaultCore version 2.4. This powerful upgrade provides numerous improvements including a simplified user interface, an all-new plugin framework, and outbound interfaces with powerful technologies such as REST, NETCONF, and RUCKUS.

VaultCore’s new user interface has been simplified with easy and intuitive controls while providing new capabilities like a single touch point for automation and scheduling, better methods to organize your architecture, and improved built-in documentation.


The Plugin Manager is the expansion and integration of a new server-side component that operates dynamic loading and integration of other server-side components. This allows for the creation of new capabilities and features in a more consistent, rapid, and repeatable manner. These plugins maintain a secure crypto architecture with the agility to meet the evolving needs of VaultCore users. The License Manager Plugin centralizes and streamlines licensing operations and allows for status checks of license keys, activation and deactivation of licenses, and a framework for licensing new features and plugins in a secure, scalable manner.

With new Outbound Interface Plugins, users can leverage commands for network management through VaultCore Compositions with the power of the new Plugin Framework. As such, the VaultCore platform can now deploy powerful automation that merges cryptographic key lifecycle with system configuration and administration, becoming a central hub of core capabilities in the organization.

“These software developments further Fornetix’s commitment to helping secure our customers’ data and streamlining each users experience,” said Chuck White, Chief Technology Officer. “The vast amount of data and information being generated today is more often necessitating millions of encryption keys,” White added.

Through VaultCore, Fornetix is able to deliver powerful encryption management and security to a broad range of industries including healthcare, banking, utilities, telecoms, and more. As part of our commitment to serving users around the globe, the VaultCore server can now operate in Coordinated Universal Time. This harmonizes global High-Availability deployments of the technology across multiple time-zones.

“We want companies to have the opportunity to evaluate VaultCore risk-free and see for themselves why Dell, the U.S. intelligence community, financial institutions, telecommunications, and so many other major industries are choosing VaultCore above other key management solutions, so we’ve created a fully-enabled trial offer,” said Chuck White, CTO. “We have no doubt that after users evaluate our robust solution for free, they’ll want VaultCore to permanently protect their most valuable data assets.”

For more information, or to evaluate for yourself risk-free for 30-days how VaultCore renders cyberattacks useless, visit

About Fornetix

Fornetix® delivers VaultCore™, the only enterprise key manager with the capacity and horsepower to manage hundreds of millions of encryption keys, the number required by cutting-edge IoT networks and applications. This unmatched scalability empowers organizations to build a data security strategy with encryption as the bedrock foundation — no compromises needed. Powerful tools for automating the key lifecycle, enforcing cryptographic policies, and rapidly integrating with the most popular IT services and technologies sets a new standard and opens new opportunities for broad encryption deployment. For more information visit