Expect more, bigger healthcare breaches
The potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually, according to a new report from Experian, a global information services firm. The report is Experian's second annual data breach forecast across industries.
For healthcare, the forecast is stormy.
Expect persistent and growing threats, Experian warns.
The report points as catalysts, the expanding number of access points to protected health information, or PHI, and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the healthcare industry a vulnerable and attractive target for cybercriminals.
[See also: Data breach readiness continues to underwhelm.]
"We expect healthcare breaches will increase – both due to potential economic gain and digitization of records. Increased movement to electronic medical records and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return increased, the potential for data breaches," the report notes.
"Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cybercriminals," the authors add. "The problem is further exasperated by the fact that many doctors' offices, clinics and hospitals may not have enough resources to safeguard their patients' PHI. In fact, an individual's Medicare card – often carried in wallets for doctors' visits – contains valuable information like a person’s Social Security number that can be used for fraud if in the wrong hands. Currently, we are not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged."
This year, Reuters reported that the FBI released a private notice to the healthcare industry warning providers that their cybersecurity systems are lax compared to other sectors.
According to the Ponemon Institute, 72 percent of healthcare organizations say they are only somewhat confident (32 percent) or not confident (40 percent) in the security and privacy of patient data shared on HIEs.
[See also: Data attacks on healthcare flying high.]
The takeaway? "Healthcare organizations will need to step up their security posture and data breach preparedness or face the potential for scrutiny from federal regulators. Reported incidents may continue to rise as electronic medical records and consumer-generated data adds vulnerability and complexity to security considerations for the industry.