One year ago, Anthem announced a massive data breach, starting what would be a year that saw more large-scale hacker-related healthcare breaches than ever before. Premera also disclosed a massive breach shortly after, followed by several other notable names, with millions of individuals affected. In 2015, “the top six hacker attacks [in healthcare] affected a combined total of 90 million individuals” according to a recent article citing the U.S. Dept. of Health and Human Services. In fact, research from the Ponemon Institute shows that criminal activity is now the leading cause of data breaches in healthcare. The Ponemon study also reveals that “criminal attacks in healthcare are up 125 percent since 2010.” There’s no reason to think this trend will stop anytime soon.
Let’s look at some of the reasons behind the trend:
Value of Healthcare Data
Healthcare data is estimated to be worth 10 times as much as credit card information on underground markets. Because the data often includes details such as social security numbers that can be used to fraudulently obtain new lines of credit, it is worth much more than a single credit card that is quickly cancelled once fraudulent charges are noticed. This type of information can also be used for Medicare and other medical insurance fraud. Hackers see healthcare data as a higher-value target.
More Electronic Records
Healthcare organizations have continued to adopt electronic health records (EHR) over the past few years, leading to more electronic records subject to potential breaches. Data from the Office of the National Coordinator for Health Information Technology shows that adoption of EHR increased eightfold between 2008 and 2014, with three out of four hospitals using at least a basic EHR system as of 2014. That means eight times as many organizations with records available in electronic form for hackers to target.
Information Security Lagging at Healthcare Organizations
Many healthcare organizations are not keeping up with the latest security protections to keep data safe from breaches. In a HealthcareITNews article, Avivah Litan, cybersecurity analyst at Gartner, is quoted as telling the Associated Press after the Anthem hack, "The healthcare industry is generally about 10 years behind the financial services sector in terms of protecting consumer information." For hackers, this means easier targets with fewer defenses in place.
If you’re a healthcare organization struggling to keep up with IT security because of limited time, limited budgets, or limited on-staff security expertise, EiQ may be able to help. EiQ provides the people, process, and technology for an effective information security program.
EiQ currently offers two services:
- SOCVue Security Monitoring is a co-managed SIEM/log management service that includes proactive security controls automation and compliance reporting delivered via an affordable monthly subscription.
- SOCVue Vulnerability Management helps reduce your attack surface by proactively scanning your IT assets for potential vulnerabilities, while saving time and reducing your operational costs. The scan results are integrated with the SOCVue Security Monitoring service so that vulnerabilities are correlated with other security event data.