Information hacked from a financial institution or a bank is quickly rendered useless once the data breach is exposed and passwords are modified. On the other hand, classified information from the healthcare industry contains not only personal identity but also patients’ medical histories that last a lifetime.
It is predicted that data breaches in hospitals will cost the medical fraternity more than $300 billion in the next five years and one in 12 patients would have their personal information compromised by a data breach, according to noted industry consultants.
A recent study revealed that since early 2010, the medical data of more than 150 million Americans were compromised without their knowledge in over 1400 data breaches. The conclusions of the study revealed that the healthcare industry is specifically vulnerable to data breaches and privacy hacks.
Data contained in healthcare records is a minefield of valuable information as it not only includes the patient’s healthcare histories, but also their Social Security numbers and home addresses. All data hacked by cyber criminals are usually sold for a premium to rival companies or on the illegal-market and hence there is a huge motive to concentrate attacks on the health care industry given the valuable information that records hold.
In recent times, there has been a greater focus and push towards integrated care, wherein healthcare information is now being disseminated among various kinds of entities in which a number of employees can gain access to patient information. A comprehensive access to healthcare records of patients substantially enhances the likelihood of data breaches. At the same time, in order to comply with legal demands, the medical fraternity tends to give detailed patient history for a number of years. Hence, the likelihood of a data hack, and the probable severity of the outcome, also increases, based on the information stored and the length of time it is hived away.
In recent times, the healthcare industry has been barraged by a number of persistent attacks and sophisticated threats from cyber criminals in the form of ransomware.
Recently, a cybercriminal claimed to have stolen the entire database of more than two US healthcare organisations and from an insurer, thus holding over 8 million healthcare records of patients over ransom, and demanding more than $500,000 in bitcoins.
In another incident, a medical centre in Los Angeles paid over US$50,000 to cyber hackers who incapacitated their computer systems.
In other cases it is seen that cyber criminals also go in for affiliated vendors of hospitals and insurers that service the healthcare industry.
Ideally, it can be relatively simple to defend against ransom ware; only current backups should be kept off-line by insurers, affiliated vendors and healthcare providers and when a data breach does take place, these backups can be used to reinstate the information.
Unfortunately, the healthcare industry has not been as fast as the rest of the other industries in educating their staff regarding the dangers of data breaches and who would be able to manage and access critical systems to restore and store classified information. It is important for hospitals and healthcare centres to be proactive about data security as data breaches are likely to get more sophisticated in the coming days.
Analysts and security experts opine that rather than focusing on strengthening external defenses and perimeter security such as firewalls and antivirus software, data encryption and document protection are the best forms of cyber security measures. And more importantly the instruction within every healthcare centre should be that data and document security becomes everybody’s business and not just the IT department’s concern.