In 2015, IBM’s Cyber Security Intelligence Index declared it to be the “year of the healthcare breach.”
Among the whopping total of 720 data breaches altogether in 2015, some of the most invasive and debilitating included the Excellus BlueCross BlueShield Breach, the cyber attack against Premera BlueCross, and coming in at 78.8 million patient medical records compromised, the Anthem hack was the largest health care security breach on record.
As cyber criminals become a more prevalent threat, the medical field has been slow to keep up with technological advances that are strengthening cyber intelligence in other sectors.
While some industries worry mainly about unauthorized access to vulnerabilities in non-encrypted financial information, hackers have found hospitals and health care providers to offer more valuable information in the form of private medical records.
When a credit card number or debit card password is stolen, it can take mere moments for the owner to check their account online and detect suspicious activity, allowing them to quickly place a hold or cancel the account. Medical records, on the other hand, create a much stickier problem when falling into the wrong hands.
Not only do health records provide personal financial information, but Social Security numbers, lab results, and prescriptions are at risk to be hacked and often sold on the black market. But what value does this information hold for potential buyers?
Angel Grant, President of computer and network company RSA, provided some insight in a report for Infoworld.com on the increasing value of medical records.
“Most forums selling health care data tend to be more specialized than carding forums where payment card information is sold,” Grant explained, “Stolen health care data forums operate more like drug cartels, where health records are not sold outright, but rather used to buy and sell addictive prescriptions.”
With the move towards digitization of medical records from small practices to large hospital networks, proper cyber security training is imperative for all employees who have access to a computer in the workplace.
What Value Does Health Care Information Hold?
From hospitals to health insurance agencies, the information collected from patient to patient can be valuable to both the hacker on a monetary level, and for their many customers seeking access to free drugs, and the creation of fraudulent insurance policies.
Not only is patient information of value, but cyber criminals also look to gather employee information to create fake identification, allowing for purchases of expensive medical equipment and pharmaceuticals to be resold on the black market.
“Health insurance credentials are especially valuable in today’s economy because health care costs are causing people to seek free medical care with these credentials,” explained Angel Grant.
While modern health care organizations often do have strong IT departments in place, it seems their focus is less on the threat of a cyber-attack, and more on the implementation of digitized patient records and pharmaceutical systems.
Yet, as the devastating numbers are publicized after major attacks like that of Excellus, some organizations are beginning to take any action possible, in the best way they know how.
At the height of growing cyber-attacks against the industry and its workers, ModernHealthcare elaborated on what measures hospitals and the like are now beginning to take to better protect themselves.
“These available wares include legal services, security consultancy, training, system testing, cyber insurance, security software that runs on and defends computer systems, and remote-hosted software and services that can include fully staffed security operation centers that provide computerized and human watchdogs on the lookout for cyberthreats 24/7.”