Cygilant Blog

Why is Healthcare the Biggest Target in Town

Posted by Security Steve on Aug 28, 2015

The Healthcare industry continues to be the nation’s ID theft punching bag, walking around town with a giant red target on its back. Need some proof? Leave it to The Identity Theft Resource Center (ITRC) weekly report to come to the party with a big bucket of red paint.  According to its’ August 11, 2015 report, the Medical/Healthcare industry accounts for a whopping 78% of the data records breached so far this year. In real numbers that means of the 140,000 records breached, Medical/Healthcare is the not-so-proud owner of 110,000 of those records.


Why does the Healthcare industry continue to be the biggest target? What makes Healthcare so prone to these attacks?  And what on earth makes this industry so tempting to identity thieves?


  1. It’s Not Exactly About Financial Data.

So let’s be clear, it’s not about stealing financial data. Nope, that’s about stealing credit card numbers, expiration dates, cardholder names, and other similar data. And for those specific cybercriminals, it’s about getting credit card information from retailers and reselling that info for as little as $1 per number. The customer won’t be happy and the retailer (think Target, Home Depot) isn’t so happy either.  But generally, customers can deactivate their cards and get a refund.


  1. It IS about Personal Information. 
Personally Identifiable Information (known as PII) can be far more serious form of data breach, simply because it’s more than just someone racking up expensive purchases on your credit card.  PII is the much scarier version of a data breach. It’s about stolen names, addresses, date of birth, driver’s license numbers and Social Security numbers. All that precious info is the basis for identity theft.  Credit lines can be opened, tax refunds redirected, Social Security claims filed – quite frankly, the list is endless.  And remember, the kicker here is that unlike credit cards, which can be deactivated and the customer reimbursed, you can’t hit reboot on your identity.
Is it profitable?  You bet it is.  Because of the long-lasting value of PII, it sells for a much higher price on the black market – up to $15 per record. This is most often seen when companies storing a large volume of customer records experience a data breach, such as – you guessed it - a healthcare insurer. And this is so much worse for the consumer – much more so than just credit card info, because it’s all encompassing and much longer lasting. 


This is where the EIQ security healthcare solutions can help. EIQ’s SOCVue helps prevent unauthorized access to protected health information (PHI) and improve HIPAA compliance with 1) 24x7 security monitoring for critical healthcare IT infrastructure; 2)Log management, access control monitoring and HIPAA compliance reporting; and 3)Continuous assessment of security controls to reduce risk of an ePHI data breach.

Tags: Healthcare, Cyber Attack, HIPAA, Managed Security Services

Most Recent Posts

Subscribe to Email Updates