The adoption of new technologies in healthcare has made the industry a prime target for cybercriminals.
Mainstream media outlets spend a good amount of time discussing the cyber vulnerabilities of small businesses and individuals but largely ignore the looming threat hackers present to healthcare organizations—and that’s a mistake.
The healthcare sector has been affected by more data breaches than any other industry including government and retail—widespread attacks started to occur in 2012 and have steadily increased ever since. In 2015 alone, a recorded 113.2 million healthcare-related records were accessed and stolen by cybercriminals and as the industry adopts new technologies, the threat continues to grow.
Cybercriminals earn handsome rewards at the expense of innocent individuals.
The healthcare sector has proven to be a lucrative source of financial gain for hackers. It is reported that complete electronic health records (EHR) can earn as much as $500,000 on the deep web and individual medical records can earn up to $5 per record. Hackers are using this information in troubling ways that inflict hardship on innocent victims as demonstrated by the short list below.
What do hackers want with your medical records?
-Fraudulent tax returns
-Illegal drug purchases and sales
-Fake Id’s, fraudulent birth certificates and fake driver’s licenses
While the healthcare industry adopts digital technologies, security budgets and resources have declined.
Digital transformation is impacting the healthcare sector and as a result, Internet of Things (IoT) technologies are starting to see widespread adoption. These innovations have allowed for the simplification of processes and overall they represent a positive transformation within the industry. That said, there is a dark-side to the growing number of connected devices implemented in healthcare: they can be hacked. Healthcare related networks and devices are easily discoverable and visible to nearly anyone. Because of this, skilled hackers have almost unlimited access and can effortlessly manipulate IoT connected devices to steal sensitive patient information.
While healthcare organizations invest loads of time and money in these new technologies, cyber security spend has seen an overall decline. Over the last few years the budgets for security in most healthcare organizations have either remained static or have declined up to 10%. In a recent survey, healthcare respondents claimed their organizations had neither increased or decreased their cyber security budgets since 2014.
The Health Insurance Portability and Accountability Act (HIPAA) too often is being ignored.
HIPAA laws were designed to protect patient data against loss or theft and the disclosure of sensitive medical information but many healthcare entities have neglected to implement even the most basic of security controls. A 2016 survey conducted by HIMSS showed that an astounding 68.1% of healthcare providers and less than half of medical practitioners use tools to encrypt patient data and are sending sensitive patient information across their networks in the clear. In the words of HIMSS, “This… leaves the door wide open to potential tampering and corruption of the data, in addition to a large potential for a breach. If a computer, laptop, thumb drive or backup were to be stolen, any person would be able to access such information.” Ignoring HIPAA regulations puts you and your patient’s information at risk and can be a very costly mistake as violations are subject to hefty fines.
Cybercrime in healthcare affects us all.
While it’s important to protect the privacy of sensitive information across the digital spectrum, more focus needs to be put on the cyber vulnerabilities of the healthcare sector. As a nation we often care more about the privacy of our text messages and social media profiles than we do our health records and personal information.
Is your healthcare organization HIPAA compliant?
Get in touch to learn how we can help to implement technologies that keep your patient’s data safe and your organization HIPAA compliant.