Security Concerns: Healthcare Data Breach
Is the healthcare industry doing enough to protect our personal information?
When we head to the doctor’s, usually the primary thing on our mind is our mental or physical health. Though we know that the medical system must keep records of our healthcare history in a digital format, few of us consider just how safe those very personal details about us are. We are more concerned with our health issue or upcoming procedure, which is understandable in most cases.
Since we trust medical professionals with our lives, it follows that we should be able to trust them with our personal data and information as well. Unfortunately, that trust is misplaced. According to experts, cybersecurity and data protection in the US healthcare system are in a state of emergency. While major insurance company Anthem’s data breach in February 2015 made headlines, it is really just one of a number of major shortcomings prevalent throughout the entire healthcare system.
According to the US Department of Health and Human Services, 113 million medical records in the US were compromised in 2015, which amounts to one in three Americans being affected. In the three months of 2016 that have elapsed so far, there have already been 3.5 million breaches, a staggering number for such sensitive information. Experian reported that in 2015, data breaches cost the healthcare sector $5.6 billion.
Meanwhile, in the UK, while the NHS hasn’t reported any major breaches, Christopher Graham, the Information Commissioner, was quoted in the Financial Times as saying that “the Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern.”
It appears that the blame for these hacks can’t just be attributed to those with nefarious intentions. The healthcare industry itself has been lax and slow to update its security measures in pace with other industries. A report carried out by US mobile provider Verizon placed the healthcare industry in the top ten of industries majorly affected by data breaches. In a talk, Avi Rubin, an info-sec expert and professor at Johns Hopkins University, remarked that after providing cybersecurity consultation in numerous industries including banking, finance, and retail, he found the healthcare sector’s “data security practices were so far below every other industry.” In addition, in the push to make patient data more available to patients, doctors and healthcare providers, the entire system has exposed itself to more vulnerabilities. In a sense, with so many more people accessing patient data, there are many more targets for the phishing scams, malware, and brute force attacks which hackers use to permeate the system.
In the wake of all these data breaches, a question arises: why are hackers so eager to get their hands on this sensitive material and what exactly are they doing with it? One of the reasons that healthcare data is so appealing to hackers has to do with its worth on the “dark web”. Compared to other personal data like credit card information or other financial info, there are many fewer safeguards on healthcare information, which makes it easier to use elsewhere on the black market. In addition, instead of just getting information for one bank card, healthcare records tend to be bundled, so a hacker will be able to get personal information, medical information, and employment information about a person in one single breach.
It’s clear that if the healthcare industry wants to improve its image when it comes to data protection, it needs to take serious steps to bolster its security measures. Patients want to feel safe when they go to seek treatment, not just in terms of their physical well-being, but their digital well-being too.