Health-Related Data a Top Target for Hackers

Since September 2009, there have been 1,282 data breaches involving the healthcare community, according to the official figures of the US government. During these attacks, the private health information (PHI) or some 143.3 million patients has been stolen. However, in 2015 alone, 70 percent of these victims’ information ended up in the wrong hands during just five attacks, 55 percent of which occurred in a single hacking instance: that of Anthem, which leaked the records of 79 million individuals. Clearly, medical records are under attack. Why? More importantly, what can be done about it?

Why Healthcare Info is Such an Attractive Target

Medical records are rich in personal information. People typically share far more about themselves, their families, and their lives with their health care providers than with any other entity. Health records contain information on the individual as well as their families, finances, lifestyles, occupations, and much more. This information is highly valuable to identity thieves. Sometimes, the hackers intend to use the information to commit identity theft themselves, but more often they are hacking the information in order to sell it on the black market to other identity thieves. This information is extraordinarily valuable on the black market, such as the deep web.

Why Hackers are Having Such an Easy Time of It

Unfortunately, the reason there have been so many highly successful breaches involving healthcare information is because healthcare organizations are simply not taking security seriously. Most healthcare organizations fail to dedicate the resources necessary to cyber security, even when they launch initiatives that make the data available via the Internet. Furthermore, few healthcare organizations have the experts on hand to assure good monitoring and to develop solid policies for detecting and addressing data breaches.

In fact, most of the breaches that have happened this year involving healthcare organizations involved hackers exploiting vulnerabilities that had been widely known for a year or more. Even a basic vulnerability assessment would have detected these vulnerabilities and allowed the organizations to address the vulnerabilities and safeguard the information. Clearly, what healthcare organizations are currently doing is not working.

What Healthcare Organizations Need to Do Now

How can healthcare entities turn things around? First, they need to realize that just because a database is HIPAA compliant does not mean it is impenetrable. What the organization does after the remediation is essential for assuring data security. Healthcare organizations need to invest in the right data storage infrastructure, aka, one that carries enterprise-grade security features. Additionally, they need to employ the right people with knowledge and experience in data security. These experts will be able to guide the organization into the right steps, such as data encryption, methods of authenticating system users to assure they are authorized to access data, and setting up the right monitoring solutions for detecting anomalies in database actives that might indicate a data breach.

Security experts warn that 2015 is going to get nothing but worse in terms of hack attacks. Healthcare organizations have no time to waste in securing their data to prevent further breaches.