Healthcare: Why It’s a Prime Target for Hackers
When it comes to information security, the healthcare sector is seeing some challenges.
The healthcare sector is the most targeted and is plagued by persistent attacks from numerous unknown malicious hackers, according to a 2016 report by the Institute for Critical Infrastructure Technology (ICIT).
Last year in the U.S. alone over 112 million people had their medical records stolen.
The Healthcare ‘Wall of Shame’ displayed 253 healthcare data breach incidents (only those affecting at least 500 individuals are published).
Redspin, which also published a breach report on protected health information in 2015, showed breaches increased almost 900% from 2014 to 2015.
Unfortunately, healthcare data security doesn’t seem to be getting any better. In 2016, 1 in 3 healthcare recipients will become victims of a healthcare data breach, according to a forecast by IDC’s Health Insights group cited in a Forbes article.
Why is healthcare such a prime target for hackers?
Dollar value: Healthcare records go for a premium on the black market. In fact, one industry expert said in-depth dossiers of bundled financial, identification, and health information can sell for more than $1,000 each.
Easy picking: Even though the Health Insurance Portability and Accountability Act (HIPAA) was designed to protect patients against loss, theft or disclosure of personal information, the statistics suggest that healthcare providers are still more focused on saving lives than on protecting information.
Dated networks: In the Forbes article, a spokesperson for a security intelligence company said that many healthcare organizations have antiquated hardware and software, which makes information more vulnerable to cyber attacks.
Electronic health records: Healthcare providers are converting their patient records to electronic records, which makes accessing information more convenient when different health professionals are involved in patient care. But thieves see digital patient records in a vulnerable healthcare system as attractive bait.
Leadership issues: There’s a lack of qualified cyber security professionals in all sectors, including healthcare. Experts recommend that information security be multi-layered and that there be a dedicated security team.
Internet of Things (IoT): The IoT will increase access to diagnostic testing, comprehensive treatment, and preventative care. But these devices are network connected, and they expand the cyber threat landscape.
Employees: Many industry experts say that people are the weakest link in the security equation. Some of the largest breaches have been traced back to spear phishing attacks. A 2015 Clearswift survey showed that 40% of companies expect to experience a data breach resulting from employee behavior.
Healthcare providers are urged to budget more time and resources for protecting patient information. Below are some tips:
- Develop information security policies and procedures that are compliant with industry privacy laws.
- Implement a corporate culture of security with commitment from the top down.
- Invest in technology that provides continuous prevention, detection and breach response.
- Introduce a document management process that protects confidential data from creation (for example, a Clean Desk Policy, passwords, two-factor authentication, access controls) to end-of-life (partner with an information security leader with secure chain of custody protocols for hard drive disposal and other safeguards).
- Provide ongoing employee training.
Secure document destruction is just one aspect of healthcare data security and workplace privacy protection.