Healthcare data breaches and cybersecurity - why health data and how to protect it?

Healthcare data breaches are increasing year over year. According to the Ponemon Institute’s Fifth Annual Study, cyberattacks in healthcare have increased by 125% since 2010.

But why is healthcare data so desirable?

It is valuable on the black market because it often contains all of an individual’s personally identifiable information, as opposed to a single marker that may be found in a financial breach.

A healthcare record may be valued at up to $250 per record on the black market, compared to $5.40 for the next highest value record (a payment card).

Because of the desirability of the data and the lure of monetary gain, it is important that the healthcare industry does not underestimate this security threat and that it takes steps to safeguard this data. These attacks often see the records of hundreds of thousands of patients compromised or stolen by those with malicious intent.

Usually the stolen data includes names, birth dates, social security numbers, diagnosis codes and billing information, which are used to create fake IDs to buy medical equipment or drugs that can be resold. It is also possible to combine a patient number with a false provider number and file made-up claims with insurers.

Medical identity theft is often not immediately identified by a patient or their provider, giving criminals years to milk such credentials. This is also the reason why medical data is more valuable than credit cards, which tend to be quickly canceled by banks once fraud is detected.

But hacking is not the only means through which medical information is compromised: sometimes healthcare workers steal data, while in other cases friends or family members use a person’s health insurance information to obtain fraudulent or fake medical claims.

Why is healthcare data becoming more vulnerable to cyberattacks?

The first reason is that hackers are getting smarter, hospitals are increasingly adopting electronic health records, and the healthcare industry has been slower to digitize than other industries. At the same time, cybercrime and the hackers behind it have become more sophisticated.

With the increase in hackers and cybercrime, it is time for healthcare organizations to secure themselves. Below are some business and technical considerations organizations should address to mitigate the risk and damage of a cyberattack:

  • Regularly audit the existing security infrastructure so that weaknesses are found before they spiral into larger issues.

  • Establish a cybersecurity strategy - First, organizations should identify gaps and their severity in order to develop and implement detailed policies. Second, organizations should provide defense at every network access point, to protect all types of sensitive data. Finally, organizations should implement effective controls, processes, and rapid-response mechanisms to establish a culture of vigilance, instill good habits regarding digital security, and expedite action when a breach occurs.

  • Adopt a culture of full transparency in communication - A lack of communication, or poor communication, between upper management and IT about the importance of cybersecurity can significantly damage reputation if a breach occurs. There are also other stakeholders involved in securing a network, including vendors, suppliers, and contractors. Transparent communication is the key to success.

  • Encrypt data at every stage.

  • Implement data-centric protection of valuable data, so that even if hackers get in, the information captured will not disrupt business continuity.

  • Implement real-time threat intelligence and protection. With new threats constantly emerging, healthcare organizations should use threat intelligence to detect and respond to unexpected application, data, and user behaviors.

  • Test data backup and disaster recovery capability.

  • Deploy anti-ransomware/phishing malware solutions.

  • Establish multi-factor authentication and account access management policies.

  • Adopt cloud-based technology - Cloud technology beats traditional on-site systems in storage, scalability, ease of data access, flexibility, investment, and data security. In short, cloud-based software offers top-notch security, virtually zero downtime, faster data-recovery mechanisms, and 100 percent availability of data.

To conclude, healthcare IT departments must be prepared for threats and able to respond to them immediately; this requires assessing company policies and identifying areas of weakness in order to increase protection. Additionally, IT professionals should look at external relationships and work to shore up all potential weaknesses in these third-party relationships.

Regards,

DCA
