- Scott Walker wore jeans for sexual assault awareness, and Twitter is reminding him of his misogynist past 4 Years Ago
- Hacked Lime scooters make sexual comments to riders 4 Years Ago
- ‘Bonding’ squanders its potential with weak jokes and limp structure Today 2:49 PM
- The safest place for ‘Game of Thrones’ memes is in the crypts Today 2:23 PM
- Report: Fortnite developer Epic Games is working employees into the ground Today 1:57 PM
- Damian Lillard’s game-winning 3-pointer inspired a plethora of memes Today 12:17 PM
- Gamers are blaming socialism for making the women in Mortal Kombat ‘ugly’ Today 11:36 AM
- Nickelodeon is selling SpongeBob toys based on popular memes Today 11:25 AM
- Alex Jones protests outside the White House by shouting the name of his website Today 11:13 AM
- ‘I Think You Should Leave with Tim Robinson’ has an absurd conclusion for every scenario Today 10:52 AM
- Twitch star TF Blade banned for racial slur—but he swears he didn’t say it Today 10:43 AM
- Steve King says backlash to white nationalism comment was like what Jesus went through Today 10:23 AM
- Netflix movies are still eligible for Oscars, Academy rules Today 10:21 AM
- Sheriff’s deputy makes homophobic comments on Facebook after gay teen’s suicide Today 10:02 AM
- The Marvel movies you actually need to see before ‘Avengers: Endgame’ Today 9:10 AM
If last year was the year of the data breach, 2015 might be the year the healthcare hack takes center stage.
2014 was a year defined by cyberattacks. Major hacks at Home Depot, Target, and Sony left millions of consumers’ data exposed and revealed troves of embarrassing industry secrets. But if last year was the year of the data breach, 2015 might be the year the healthcare hack takes center stage.
While much ado has been made over compromised data at major retailers and financial institutions, much less has been reported concerning data security in the healthcare industry. This oversight should raise flags, because healthcare has proven far less secure than even the beleaguered retail and financial sectors.
“The vulnerability to medical data is huge, there’s a huge potential cost to breaches,” says Daniel Fabbri, CEO of Maize Analytics, a software developer that helps streamline HIPAA audits. “And there’s expectation that the curve for the number of breaches is going to increase over time.”
2014 already saw record growth in both the number of breaches and the number of stolen documents resulting from those breaches, according to the Identity Theft Resource Center’s annual Breach Reports. In fact, breaches at healthcare institutions accounted for over 42 percent of similar incidents in all fields last year, which is more than the total number of breaches in the business and banking/finance sectors combined.
And the boom in stolen medical data shows no signs of losing steam. Experian’s Data Breach Industry Forecast states that it also expects breaches in the healthcare sector to increase. The report also notes that the security systems the industry has in place are not as resilient as those in the finance and retail sectors. So what are we going to do about it?
The lure of your health data
Part of the reason breaches in the healthcare sector have received less attention than those affecting other industries is because they have typically resulted in fewer stolen records. But this has begun to change as the economics of cyberattacks shift, making stealing from hospitals more attractive to would-be data thieves.
Credit card information has become far less valuable as the black market has flooded with credit card numbers over the past several years. Medical records often contain more valuable information and allow criminals much longer lead times to deploy stolen information before they are stopped, says Ann Patterson of the Medical Identity Fraud Alliance.
“The word that comes to mind is ‘shattered.'”
Patterson also sees the industry’s problem in part as a cultural one. “You go to a bank, you see a poster about [protecting your financial information]. When was the last time you went to a hospital or a doctor’s office and saw a poster about protecting your medical information? It’s just not in the forefront for us as much,” Patterson said.
Research bears out Patterson’s concerns over the lack of awareness of security issues in the healthcare industry. According to an October White Paper from the CSID, 85 percent of small hospitals feel their systems limit the risk of a data breach, yet one third of those hospitals spend 10 percent or less of their IT budgets on protecting patient’s data.
It should go without saying that lost or stolen medical data can have a major impact on its victims. Medical Identity Theft now claims roughly 1.8 million victims in the U.S. every year, according to the Experian report. And the results can be devastating.
“The word that comes to mind is ‘shattered’,” said Barbara Filkins of the SANS Institute in an email to the Daily Dot when asked about the impact of identity theft on an affected individual. “You hear about the individuals who have been compromised, who lose the ability to get care or financial credit, who can’t reverse the changes to their record, who are refused a job, who have children’s services come after their baby—the list goes on.”
It gets worse before it can get better
There are a number of factors that suggest Healthcare breaches are going to be even more common in the near future.
Jan. 1, 2015 was the deadline for healthcare organizations to implement digital record keeping in order to continue receiving funding from Medicaid and Medicare under the American Recovery and Reinvestment Act of 2009. This provision may have had the unintended consequence of pushing medical organizations, particularly smaller ones, to transition to digital record keeping before ensuring proper safeguards were in place to protect the newly available data.
“I would think that crime rings will be shifting to the healthcare sector.”
Patterson also believes the Affordable Care Act could be a factor in a potential uptick in data breaches, “simply because way more people now are going to be insured, which means there are way more records.”
Healthcare providers may also be targeted more frequently as security continues to improve in other sectors, says Patterson. She expects data thieves to persist in preying on healthcare institutions at a disproportionate rate because of measures put in place in more technologically savvy industries, like financial services, that discourage hackers.
Until hospitals implement better security, she says, “I would think that crime rings will be shifting to the healthcare sector. What we see, what we have always seen with criminals, is they jump channels. Whichever channel is easiest for them to [steal from].”
Despite all these disadvantages, most believe healthcare will eventually find solutions to its security and privacy woes. “The first step is awareness but the second step is learning how to take that awareness,” says Filkins, and “develop best practices around privacy and security that can be integrated into the needed workflows, and then apply them. This latter step is going to take time but has to happen.”
Photo via Fotos GOVBA/Flickr (CC By 2.0)
Alex La Ferla is a writer, artist, and architect living and working in New York City. His work for the Daily Dot focused on internet culture.