This is an original article written by Alpine Security.
The number of healthcare cybersecurity breaches is on the rise with tens of millions affected in larger breaches, but hackers may target even regional insurers, smaller healthcare facilities, pharmacies, and individual physician’s offices. These breaches put medical facilities, insurers, and practitioners in the hot seat because they are liable for the security of the information they gather.
PROTECTED HEALTH INFORMATION IS INVALUABLE
When there’s a data breach of this type, Protected Health Information (PHI) is at risk. The Department of Health and Human Services defines PHI as “individually identifiable health information” that is transmitted or maintained in physical form or via electronic media. It includes:
The three most common locations of PHI theft are hospitals, urgent care clinics, and pharmacies.
WHY CYBERCRIMINALS TARGET HEALTH DATA
It’s not usually the medical information itself that entices cyberthieves - it’s the identifying data. PHI includes names, addresses, Social Security numbers, employment information, date of birth, and images of vital documents like drivers’ licenses and insurance cards.
With that info in hand, identity thieves have everything they need to wreak havoc. Victims of data breaches often ditch their doctors, change insurers, and hire lawyers to sue those they feel are responsible for not protecting their PHI. This can be problematic for all those in the healthcare industry.
According to consulting firm Accenture, at least one in four consumers have had PHI stolen in a healthcare cybersecurity breach. What’s more stunning is that half of those who had data stolen fell prey to identity theft and paid, on average, $2,500 in out of pocket costs as a result.
Thieves use stolen data to obtain fraudulent health care, commit medical fraud, or get prescription drugs, but mostly, to steal identities. In short, cybercriminals steal healthcare data solely for profit. And rather than getting rarer, healthcare cybersecurity breaches are growing in frequency.
TOP 5 HEALTHCARE CYBERSECURITY BREACHES
How are data thieves illicitly accessing healthcare information? Scammers use phishing emails, weaponized ransomware, and misconfigured cloud storage buckets, among other tactics. As cybersecurity protections evolve, so do the hackers as they find newer and more creative ways to steal PHI and put everyone, from patients to practitioners, and everyone in between at risk.
Rated by the number of records stolen, the five biggest healthcare breaches of all time are:
#5 Community Health Systems (2014)
#4 UCLA Health (2015)
#3 Excellus BlueCross BlueShield (2015)
#2 Premera Blue Cross (2015)
#1 Anthem (2015)
If your PHI does wind up on the black market after a data breach, your electronic health record could sell for $1.50-$10, according to CSO. But don’t let that reasonable price fool you. The average profit per stolen record is $20,000 if the buyer can commit medical billing fraud, identity theft, and other shady activities.
About 90% of physicians maintain electronic health records. With roughly 326 million people in the US, that means there are roughly 293 million records at risk of breach. If you add up all these top five breaches, that’s 109 million records which equates to nearly 40% of all medical records in existence, assuming none of the breached files overlapped.
Healthcare security breaches continue to be problematic for insurers, practitioners, and everyone in the industry. Attempted attacks numbers in the millions each day and, unlike other industries, roughly 58% of intrusions are the result of insider error or misuse, says a healthcare data breach study by Verizon. Are you ready?
View the original article here.
How are you protecting your data?
IMEC is partnering with Alpine Security to bring you an interactive Cybersecurity workshop. The Cybersecurity experts at Alpine Security will present on tangible steps to detect and prevent cyber attacks.
Learn more about the workshop and register here:
Common Cybersecurity Attacks: Tangible Steps for Prevention and Detection
August 14, 2018 | 9:00 am - 3:00 pm
Rockford, IL
Questions about this event? Please contact Emily Lee at elee@imec.org or 309-677-4633.