September 24, 2015
Lately, it seems like every time you open a healthcare newsletter, there is a report of another data breach. Whether data breaches are occurring within big healthcare organizations or consumer companies, we, as both patients and consumers, are becoming increasingly aware that our personal information is always at risk.
Just this year, Premera, Anthem and CareFirst Blue Cross Blue Shield made headlines as they experienced some of the largest hacks ever reported in healthcare. Experts have already claimed that 2015 is the “year of the healthcare hack” (Reuters), and the same experts predict that this trend isn’t going away any time soon. Cyber criminals are executing more sophisticated attacks, catching many organizations off guard and unable to protect information assets.
Why are hackers targeting the healthcare industry?
According to a New York Times article, medical identity theft is a booming business. Healthcare insurers and hospitals are gold mines for valuable information that can be sold on the black market for a surprising amount of money. The New York Times article cites that a patient’s medical record sells for roughly $251 on the black market, while credit card information sells for about 33 cents. This statistic presents another question:
Why is healthcare information so valuable?
When large businesses like Target and Home Depot were hacked, banks were able to quickly cancel credit cards in an attempt to stop additional fraudulent activity. That isn’t the case for healthcare organizations because a patient heath record contains information that is not easily destroyed (e.g. social security number, date of birth, etc.). Access to this information allows hackers to steal identities and commit insurance fraud, among other criminal activities.
The fact is, the threat to data security is growing and always changing. Hackers are compromising sensitive health information at an alarming pace. As the volume of data flooding into the healthcare system increases (from wearables, EHRs, and more), healthcare organizations will continue to serve as a prime target for cyber criminals.
Unfortunately, this trend will likely accelerate in healthcare. Luckily, one of our clients, CynergisTek, an Austin-based healthcare privacy and security consulting firm, is an expert on helping healthcare organizations secure their systems and prevent data breaches. Check out their Vice President of Compliance, David Holtzman’s, thoughts here: Three Ways to Lower Risk of Getting Hacked (Health Data Management).