Health Care Sector Cybersecurity
Over the past decade, due in large part to convenience, efficiency and government regulations, the health care industry has moved steadily towards digitization of data. In many parts of the country health care providers, insurers and others associated with the industry have moved vast amounts of patient and customer data to massive information systems that contain extremely sensitive information. This makes health care sector cybersecurity more important than ever.
Organizations across the health care sector choose Threatcare to validate their cybersecurity. Threatcare, the leader in proactive cyber defense, simulates threats to systems — enabling users to verify that they are protected. This is done through their Violet platform, a BAS (Breach and Attack Simulation) technology.
As you might imagine, these systems have become very lucrative targets for information thieves. In fact, by 2016, one report suggested that 1 in 13 patients will have their health records stolen thanks to breaches of health care provider data. Industry consultant Accenture said in a 2016 report noted that over the next five years, cyber attacks and theft will cost just hospitals more than $305 billion. Additionally, a study by the Brookings Institute predicted that one in four data breaches that same year involved the health care industry.
The same study noted that since late 2009, medical information on more than 155 million Americans had already been exposed, against their will, thanks to some 1,500 breaches.
This research clearly shows that health care sector cybersecurity is important; the industry itself is vulnerable to breaches. Part of the reason for the vulnerability is that government regulations under the Affordable Care Act drove health care operations to adopt electronic health records (EHR) before they were ready to adequately invest in security.
Why target health data?
While data stolen from other information systems, like banks, is dated and virtually useless after a breach is found (because passwords and other access information is changed), health care information, which includes both personal identities and medical histories, live a lifetime in most cases.
Health care records contain Social Security numbers, home addresses and patient histories, and cyber criminals steal the information so they can turn around and sell the data for a premium — to marketers, firms and even health-related enterprises.
That gives hackers a major incentive, then, to heist medical data by targeting health care information systems. Because of regulations, health care organizations are required to store medical data for many years. That alone increases the probability of a breach and the potential severity of the consequences.