Although we all applaud the massive push towards electronic health records (EHRs) and the digitization of medical information, there are very tangible cybercrime and data breach threats that could topple the momentum gained by the launch of the Health Information Technology for Economic and Clinical Health Act (HITECH) two and a half years ago. Two recently released reports (Verizon’s Data Breach Investigations Report and FireEye’s Advanced Threat Report) suggest that the proportion of healthcare data breaches is rising fast, with the large majority targeting patient personal and payment information (including patient health and insurance data) that attackers can directly or indirectly use to make a profit. The reports point to an urgent need for healthcare facilities to strengthen their data security defenses and adopt a common sense, evidence-based approach to managing security. (Side note – you can find a great infographic illustrating healthcare data breaches by state here).
It’s clear to many of us that adopting an EHR system and encouraging more patient engagement through digital communication channels is and will continue to be beneficial for the healthcare industry, ultimately improving quality of care and driving down costs. As the healthcare industry inches closer to full-scale digitization, we as patients often overlook the fact that our personal data is just as susceptible to cyber theft in healthcare as it is in other industries (think financial services and retail, for example). Those who acknowledge the risk of having their information stolen probably feel that data is most susceptible to being swiped at a hospital or large medical facility, which as it turns out isn’t the case (more on this in the next section). It is important for us to be as diligent in protecting our identity and safeguarding our data in healthcare as we are when we perform online banking or engage in e-commerce.
Healthcare Data Breaches Centered on Point of Sale (POS) Systems
Although Verizon reported that healthcare data breach incidents were only 7% of the overall amount (reports vary widely based on the datasets used in research – this infographic on healthcare fraud, for example, indicates that healthcare was the most security breached industry in 2011), it pointed out that the proportion of these breaches is increasing every year and:
“the largest majority are focused on small to medium businesses and outpatient care facilities like medical and dental offices.”
The facilities hardest hit tend not to be the large hospitals or medical centers, but instead the smaller doctors’ and specialists’ offices, which seems counterintuitive given the types of businesses that data thieves normally prey upon.