Hackers Threaten Healthcare Data and Patient Care as Hospitals Endure Overload | Fornetix

Every industry is vulnerable to data breaches, but the healthcare industry has long stood out above the rest. This vulnerability may prove particularly damaging not only to Protected Health Information (PHI) during the COVID-19 crisis but also patient care.

59% of the U.S. population has already had their healthcare records stolen

According to, prior to COVID-19 hitting the globe, healthcare data breaches were already being reported at a rate of more than once per day. Protenus Breach Barometer reported that in 2018 the healthcare sector saw 15 million patient records compromised in 503 breaches, three times the amount seen in 2017. But by July 2019, that number had skyrocketed with potentially more than 25 million patient records breached.

Medical records contain valuable and sensitive personal data including social security numbers, insurance information, payment details, personal health records, and more. According to Experian, a patient’s full medical record can sell for up to $1,000. By comparison, Social Security numbers typically sell for $1 and credit card information for up to $110.

In early March, sources informed Reuters that hackers tried to break into the World Health Organization (WHO). While the attempt was unsuccessful, WHO Chief Information Security Officer Flavio Aggio warned, “that hacking attempts against the agency and its partners have soared as they battle to contain the coronavirus.”

Increased IoT-focused cyberattacks may impact patient care

As recently as November 2019, Threatpost, a leading source for IT and business security news, reported that IoT security woes were already plaguing the healthcare industry. “At least 82 percent of connected medical devices have been targeted in the past year, opening the potential for a variety of attacks, from highly sensitive information disclosure to denial of service (DoS) for critical devices,” a recent Xtelligent Healthcare Media survey found.

At the same time COVID-19 began accelerating in the U.S. in February, Elad Luz, Head of Research at CyberMDX, warned that “Healthcare organizations are increasingly experiencing IoT-focused cyberattacks.”

There are a number of vulnerabilities in the area of IoT and cybersecurity, but perhaps the most devastating are those that put people’s lives at risk. Many ailments are treated with cloud-based monitoring services or embedded IoT devices like those being used to treat patients with COVID-19.

Unfortunately, medically-necessary IoT devices can and are being compromised by cyberattacks capable of disrupting the delivery of lifesaving health services – putting people’s lives at risk – and with the projected increase in patients requiring medical interventions such as ventilation, IV pumps, anesthesia, and patient monitoring, the consequences could be devastating if the correct security measures aren’t in place.

Is the healthcare industry prepared?

Much of the global healthcare industry is understandably distracted by caring for the overwhelming number of COVID-19 patients. Combined with the surge in cyberattacks that have coincided with the rise of the virus, this leaves an already-taxed industry even more vulnerable.

Vulnerabilities to ransomware, malware, botnets, and online medical device attacks have seen a sharp rise due to numerous factors; the interconnectedness of hospital operations, close ties with third-party vendors, the rising complexity of hospital technology systems, and reliance on an extensive variety of connected networks.

Encryption is the most consistent security mechanism available for securing data and IoT devices. While many healthcare organizations are proactively encrypting data, even more, they are failing to properly manage the encryption ecosystem by regularly rotating their keys – a poor practice like having just one password across all logins or devices and never updating it. With real attacks impacting healthcare right now, it is critical that organizations place enhanced key management measurements into their cyber-defense protocol immediately.

How VaultCore™ can quickly help healthcare organizations secure critical personal data and patient care

Key management is at the core of making encryption a strong security tool. VaultCore by Fornetix® is a groundbreaking cybersecurity solution that unleashes encryption’s full potential by deploying and enforcing key management across an entire organization—across all devices. This unified approach allows storage and control of all encryption keys in all environments; whether it’s on-premise storage, virtualized, or cloud.

Delivered as a physical or virtual appliance, VaultCore can swiftly integrate with a healthcare organization’s existing infrastructure and current encryption strategy. This immediately decreases data loss, enables compliance with privacy regulations, effectively manages third-party risk, and protects the lives of patients. VaultCore automatically updates and secures the encryption keys necessary to decrypt data so it can be read. In short, when data is properly encrypted, it remains unreadable and therefore useless to the attacker because they’re unable to decrypt it. With industry-leading capacity, VaultCore allows medical devices to each be given unique encryption keys instead of relying on a single key for all devices. Additionally, VaultCore can verify the cryptographic integrity of data to ensure critical code has not been tampered with.

Backed by granular policy tools, intuitive access controls, and powerful automation, VaultCore is the only key management solution in the world that can manage hundreds of millions of encryption keys across every device, reduce human error, maintain compliance, and give the industry some much-needed peace of mind that every device that serves, stores, transmits, or collects patient or other critical data is protected to the fullest extent.


PRESS RELEASE: Fornetix Announces Key Orchestration™ Name Change to VaultCore™ and Launches Version 2.4

Improved features help VaultCore amplify its data protection capabilities

FREDERICK, MARYLANDFornetix LLC, an industry pioneer and leader in enterprise encryption management technology, announced today that they have changed their flagship key management solution’s name from Key Orchestration to VaultCore.

“Welcome to the future of encryption key management! We are excited to announce the VaultCore brand to better reflect the success of our patented, military-grade automated encryption key management solution. As sophisticated hacks continue to grow and make securing enterprise data more complex, VaultCore is designed to equip organizations to meet serious, and pervasive security threats with an interoperable, scalable, and highly secure system for easily managing encryption across all technology stacks,” said Mark Gilroy, Fornetix CEO.

With flexible deployment options including hardware or software appliances, VaultCore enables a unified approach to data security through leveraging and enforcing encryption across an entire organization. With unified encryption management, users can store and control all encryption keys across all environments, whether it is on-premise storage, virtualized, or in the cloud.

Fornetix has also released VaultCore version 2.4. This powerful upgrade provides numerous improvements including a simplified user interface, an all-new plugin framework, and outbound interfaces with powerful technologies such as REST, NETCONF, and RUCKUS.

VaultCore’s new user interface has been simplified with easy and intuitive controls while providing new capabilities like a single touch point for automation and scheduling, better methods to organize your architecture, and improved built-in documentation.


The Plugin Manager is the expansion and integration of a new server-side component that operates dynamic loading and integration of other server-side components. This allows for the creation of new capabilities and features in a more consistent, rapid, and repeatable manner. These plugins maintain a secure crypto architecture with the agility to meet the evolving needs of VaultCore users. The License Manager Plugin centralizes and streamlines licensing operations and allows for status checks of license keys, activation and deactivation of licenses, and a framework for licensing new features and plugins in a secure, scalable manner.

With new Outbound Interface Plugins, users can leverage commands for network management through VaultCore Compositions with the power of the new Plugin Framework. As such, the VaultCore platform can now deploy powerful automation that merges cryptographic key lifecycle with system configuration and administration, becoming a central hub of core capabilities in the organization.

“These software developments further Fornetix’s commitment to helping secure our customers’ data and streamlining each users experience,” said Chuck White, Chief Technology Officer. “The vast amount of data and information being generated today is more often necessitating millions of encryption keys,” White added.

Through VaultCore, Fornetix is able to deliver powerful encryption management and security to a broad range of industries including healthcare, banking, utilities, telecoms, and more. As part of our commitment to serving users around the globe, the VaultCore server can now operate in Coordinated Universal Time. This harmonizes global High-Availability deployments of the technology across multiple time-zones.

“We want companies to have the opportunity to evaluate VaultCore risk-free and see for themselves why Dell, the U.S. intelligence community, financial institutions, telecommunications, and so many other major industries are choosing VaultCore above other key management solutions, so we’ve created a fully-enabled trial offer,” said Chuck White, CTO. “We have no doubt that after users evaluate our robust solution for free, they’ll want VaultCore to permanently protect their most valuable data assets.”

For more information, or to evaluate for yourself risk-free for 30-days how VaultCore renders cyberattacks useless, visit

About Fornetix

Fornetix® delivers VaultCore™, the only enterprise key manager with the capacity and horsepower to manage hundreds of millions of encryption keys, the number required by cutting-edge IoT networks and applications. This unmatched scalability empowers organizations to build a data security strategy with encryption as the bedrock foundation — no compromises needed. Powerful tools for automating the key lifecycle, enforcing cryptographic policies, and rapidly integrating with the most popular IT services and technologies sets a new standard and opens new opportunities for broad encryption deployment. For more information visit

Blue cityscape

PRESS RELEASE: Fornetix and OutSecure Partner to Provide Comprehensive Security for Smart Cities

FREDERICK, MD – Fornetix, Inc., an industry pioneer and leader in enterprise encryption management technology, has partnered with OutSecure, a preeminent Cybersecurity & Privacy Strategy creation company, to provide a comprehensive and complete approach to cybersecurity to smart cities.

Read more

Blue clouds

The Benefits of nCipher’s New Serviced-Based Hardware Security Module (HSM)

When considering the intersection of Roots of Trust and the accessibility of services provided by cloud architecture, reliable options quickly become scarce. That is why we at Fornetix are excited to see nCipher launch their “nShield as a Service” (nSaaS) offering. With the combination of Internet of Things (IoT) based technologies and the embracing of “as a Service” cloud capabilities, there is a growing need for HSM services that can be provisioned and integrated with cloud principles while not belonging to a specific cloud vendor. At Fornetix, we built our technology to play to the middle, enabling public, private, and hybrid cloud solutions. We are excited to see nCipher’s nSaaS solution parallel our own. We believe the joint approach will help customers embrace effective use of cryptography no matter how they use technology, whether it be cloud first/cloud native, hybrid cloud, or private cloud.

Read more

City landscape

Ransomware vs Data Breach: What They Are and How You Can Protect Your Enterprise From Them

There are two popular types of malicious attacks: A data breach and a ransomware attack. You may have heard these two terms used interchangeably, however they’re not quite the same.  A data breach occurs when a hacker gains access to information and steals the unencrypted data from the system. This is often used to steal financial, medical, and other personal information. A ransomware attack occurs when hackers gain access to a system and hold the data hostage in exchange for a ransom, regardless of whether the data is encrypted or unencrypted. A hacker may keep the data inside the enterprise’s system but encrypt it so the right people can’t gain access to it. They may also remove the data from the system and return it in exchange for ransom. Both types of attacks have been around for a while, but recently, ransomware attacks have become more prevalent.

Read more

How to Identify IoT Pitfalls and Adopt Technology with Confidence

When looking at technology adoption, I am frequently reminded of Pandora’s Box from Greek mythology. This metaphor rings true when considering the Internet of Things (IoT). Whereas Pandora released a host of evils into the world, with IoT we have released new concerns associated with multiple technologies, multiple standards, scale, and security (or as I like to say, resiliency). When considering the information that flows from the edge, through the cloud, and ultimately to the data center, the lowest common denominator for protecting information is trust created by cryptography (as noted by nCipher’s Juan Asenjo in the other half of this blog series). In this blog, we are going to start by acknowledging the pitfalls of our particular Pandora and then discuss how we find hope in the solution provided by nCipher and Fornetix.

Read more

Man jumping off a cliff

Guest Post: Before You Dive Into IoT, Do These Three Things

Olympic high diving requires concentration and self-control. Before divers jump off a 10-meter platform, they pause at the edge and concentrate on their goal: elegantly perform the acrobatic maneuver and gracefully pierce the water causing minimum surface disturbance. This same disciplined approach is required when adopting new and revolutionary technologies, such as those now available through the Internet of Things (IoT). Decision makers must assess the risks and benefits, consider potential difficulties, and then take the jump.

Read more

Panorama aerial view in the cityscape

Security and the Internet of Everything – Are We Ready?

The demand for connected devices is growing exponentially, but the technology to secure these devices is lagging creating cyber security vulnerabilities at a massive scale.

The Current State of Cyber Security

Every day we hear about breaches, hacks, and cyber-attacks affecting banks, hospitals, transportation, and even entire cities. In some instances, the impact can mean life or death. Our most trusted institutions – like the US election process – are not the pillars of security they once were. And yet the demand for “connected everything” continues to grow in all sectors and across the globe.

Read more

PODCAST: Chuck White Visits ‘New Cyber Frontier’ to Discuss Encryption and Cyber Defense

Our Chief Technology Officer at Fornetix, Chuck White, sat down with Professor Andre Hinton from the New Cyber Frontier podcast to explore the ways powerful encryption can solve the big problems of cybersecurity. Take a listen using the audio player below! Read more

VaultCore: Identity, Credential, and Access Management (ICAM) for the IoT World | Fornetix

When looking at the problems we were trying to solve with VaultCore, IoT and IoE have always been part of the grand vision of orchestration. As more and more systems break down the concept of perimeters or layers, there is a need to address the realities of these changes.

Read more