Healthcare to be 'plagued' by data breaches in 2015

Coming year will see a 'persistent and growing threat' of compromised data and medical identity theft
By Mike Miliard
11:58 AM
Share
Alert

The risk of experiencing a data breach "is higher than ever," according to Experian's second annual industry forecast, which shows how the "consistently high value of healthcare data on the black market" means there will be little respite from risk-fraught landscape.

[See also: Cybersecurity cold war is on]

Nearly half of organizations across all industries were hit by at least one security incident in the past 12 months, according to the report, which has spurred 48 percent of organizations to invest in security technologies and 73 percent to develop data breach response plans. Cyber insurance policies are another important new strategy, more than doubling in popularity, from 10 percent in 2013 to 26 percent in 2014.

The C-suite "can no longer ignore the drastic impact a data breach has" on an organization's reputation, says Experian officials. Coupled with the fact that consumers are "demanding more communication and remedies" after a breach occurs, healthcare organizations must put preparedness front and center.

[See also: Compliance isn't everything]

There's also the not-insignificant fact that the "potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually," according to the report.

Experian sees some disquieting trends for 2015 on the security front. Among them:

  • More hackers will target cloud-based data, with an increase in breaches involving the loss of usernames and passwords. "We expect this increase in hackers targeting online credentials such as consumer passwords and usernames to gain keys to the castle, with the likelihood that compromising one record can often give access to all sorts of other information stored online."
  • Business leaders will held to higher standards. "It is clear that security can no longer be viewed as just an IT issue," according to Experian. "In 2015, scrutiny of corporate leadership’s management of security may continue to increase in the form of legal and regulatory action after a major incident."
  • Employees will could be a threat. "Although businesses will increase focus on security protocols against external hackers this year, we predict that many will miss the mark on protecting against insider threat."
  • The Internet of Things is expanding the risk. As more devices feature Wi-Fi capabilities and sensors, and more organizations adopt interconnected systems and products, 
"cyber attacks will likely increase via data accessed from third-party vendors."

Experian singles out healthcare as one industry ripe for more havoc with its data, noting that the "expanding number of access points" to protected health information via electronic health records – coupled with the increasing popularity of wearable wellness technology – makes healthcare a "vulnerable and attractive target for cybercriminals."

Indeed, say Experian officials, "several factors suggest the healthcare industry will continue to be plagued with data breach headlines in 2015."

As more and more patient information is digitized, and the value it all makes it more attractive to cybercriminals, the challenges is compounded by the fact that "many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI," according to the report.

Meanwhile, medical identity theft is an ongoing worry, according to Experian, as cybercriminals "looking to capitalize on a bigger payout may continue to target the healthcare industry for access to patients’ protected health information." Such theft has now claimed more than 1.8 million U.S. victims, granting hackers the ability to gain medical services, procure drugs, and defraud private insurers and government benefit programs, according to the report.

"Medical identity theft is a serious threat that needs to be prioritized by healthcare organizations, regulatory groups and consumers," said Ann Patterson, senior vice president of the Medical Identity Fraud Alliance, in a press statement. "There is no single solution for fraud prevention, meaning we must take a collaborative approach to solving the issue. Industry and government must work together to develop holistic strategies pertinent to the fight against fraud, and consumers should take an active role in advocating for system wide reform."