According to a Ponemon Institute study (Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data) released in May 2016, 90% of all healthcare organisations have ‘dealt with a data breach in the past two years’.
As we know, data breaches appear to be on an upward trend for a number of reasons. These include the greater reliance on digital means of storing and accessing information, and the fact that data breach reporting is often mandatory in many countries, where the rules are being tightened.
This latest research doesn’t make for comfortable reading at all…
Under the U.K.’s Data Protection Act (DPA), there isn’t a legal obligation for organisations that hold personal data to report data breaches in all circumstances. However, when the EU General Data Protection Regulation comes into force in May 2018, mandatory data breach reporting may be on the horizon.
This latest study suggests that breaches are becoming more common and more expensive. Cybersecurity researchers suggest that breaches are costing the healthcare industry up to $6.2 billion (£4.8 billion); a staggering amount.
Why is medical data being targeted by hackers?
It’s widely known that, when hospitals and GP surgeries are being attacked, medical records are a target. With medical records becoming more and more digitised these days, the avenues open to cyber-attackers to steal information have increased.
Medical records contain a wealth of information about an individual – all sorts of highly personal and medical data – which is why they’re commonly referred to as ‘treasure troves’. Cyber-attackers can use this information to blackmail people or the healthcare organisations… They’ll even commit fraudulent activity such as applying for credit or securing prescription drugs by using the stolen information.
Medical information is more at risk of being stolen when it’s digitised, as many healthcare systems are outdated or lack the defences to properly repel attacks. Stealing credit card information can sometimes be less profitable for cyber-attackers than stealing medical data.
According to International Business Times, cyber-hackers are willing to pay up to 20 times more for health information than they are for credit card information. Credit card companies have also implemented sophisticated fraud detection systems which medical record systems commonly lack.
Cost of cybersecurity
According to the Ponemon study, organisations have increased their expenditure in technology and security budgets. However, this doesn’t seem to have impacted the effectiveness of organisations’ cybersecurity, as 50% of healthcare organisations say they “have little or no confidence that they can detect all patient data loss or theft.”
Of those who haven’t invested in additional cybersecurity measures, the study reports that many organisations actually lack the money and resources to protect their data.
Regardless of size, no healthcare organisation is immune from a data breach. They must invest in order to keep their patients’ personal data safe. Though employee negligence and the use of employee-owned technological devices are threats to data security, cyberattacks remain a primary concern: ransomware, malware, and denial-of-service (DoS) attacks are the top cybersecurity threats to healthcare organisations in 2016.
The vulnerability of healthcare organisations:
- Some 69% of healthcare organisations believe they’re more vulnerable to a data breach than any other industry
- Some 67% of healthcare organisations admitted that they were more alert to an imminent data breach as a result of well-publicised data breaches in the healthcare industry
But surely it shouldn’t take several breaches for a healthcare organisation to realise that they should beef up their cybersecurity; it should be second nature.