The Real Cyber Attack Risk To Healthcare Data
We’re a long way down the line from those initial money scams emanating from deepest Africa or those “amazing investment opportunity in Togo” emails that caught out a few unwary souls during the initial years of the web.
These days, cybercriminals are more steadfastly focused on harvesting information gold, like valuable healthcare data.
Healthcare data, almost like money
Hackers, cybercriminals and nation-state actors clearly identify healthcare organizations themselves as a source of assets — just the same as a bank has direct monetary assets.
Just in case you had any doubt, healthcare information has a monetary value and worth… and therefore it is at risk.
NOTE: For the record, African scam emails do still exist, so don’t let down your guard on that front either.
But in healthcare technology we see that there is a problem. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data has suggested that almost half of all data breaches in healthcare are due to criminal activity.
Employee negligence & user error
Previously, most lost (or mislaid) data in the health industry was brought about by employee negligence and user error in relation to the use or handling of computer systems and devices.
Ponemon says that while these internal problems still exist, it has calculated a 125% increase in cyber attacks on healthcare data over the last five years.
The research body says that this shift in data breaches – from accidental to intentional – is occurring as criminals are increasingly targeting and exploiting healthcare data.
What is wrong with healthcare IT?
According to Ponemon, “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.”
The upshot of this kind of data breach could be as much as $2.1 million per healthcare organization.
Loricca CEO Michael Whitcomb had this to say on the topic: “This study comes forward at an extremely pertinent time in IT security. We know that healthcare organizations often find it hard to juggle the need to stay operationally agile and at the same time shore up their data defences. With cyber attacks now coming in new and more virulent forms every day, healthcare firms need to look at their cyber defences, their incident response capabilities and their general approach to their technology stack. The risks are increasing so the protection must strengthen to match.”
A healthcare community vulnerability
The bottom line, says Ponemon, is that healthcare organizations and their business associates are a “community of organizations” that share vulnerable patient data. The researchers further state that this is a community that provides a large attack surface (with many points of access) for criminals who are becoming more adept at acquiring and exploiting personal information.
A free copy of the study referenced here is available at www2.idexpertscorp.com/ponemon.