Over the past decade, due in large part to convenience, efficiency and government regulations, the healthcare industry has moved steadily towards digitization of data. In many parts of the country health care providers, insurers and others associated with the industry have moved vast amounts of patient and customer data to massive information systems that contain extremely sensitive information. This makes health care sector cybersecurity more important than ever.
Organizations across the healthcare sector choose Threatcare to validate their cybersecurity. Threatcare, the leader in proactive cyber defense, simulates threats to systems — enabling users to verify that they are protected. This is done through the Threatcare Suite, which includes a BAS (Breach and Attack Simulation) platform among many other defense in depth validation tools.
As you might imagine, these systems have become very lucrative targets for information thieves. In fact, by 2016, one report suggested that 1 in 13 patients will have their health records stolen thanks to breaches of healthcare provider data. Industry consultant Accenture said in a 2016 report noted that over the next five years, cyber attacks and theft will cost just hospitals more than $305 billion. Additionally, a study by the Brookings Institute predicted that one in four data breaches that same year involved the healthcare industry.
The same study noted that since late 2009, medical information on more than 155 million Americans had already been exposed, against their will, thanks to some 1,500 breaches.
This research clearly shows that healthcare sector cybersecurity is important; the industry itself is vulnerable to breaches. Part of the reason for the vulnerability is that government regulations under the Affordable Care Act drove health care operations to adopt electronic health records (EHR) before they were ready to adequately invest in security.
While data stolen from other information systems, like banks, is dated and virtually useless after a breach is found (because passwords and other access information is changed), healthcare information, which includes both personal identities and medical histories, live a lifetime in most cases.
Health care records contain Social Security numbers, home addresses, and patient histories, and cyber criminals steal the information so they can turn around and sell the data for a premium — to marketers, firms, and even health-related enterprises.
That gives hackers a major incentive, then, to heist medical data by targeting healthcare information systems. Because of regulations, healthcare organizations are required to store medical data for many years. That alone increases the probability of a breach and the potential severity of the consequences.