More than 113 million records have been stolen worldwide.
90% of Healthcare Corporate Executives say they are not prepared for a major attack.
The healthcare industry will be faced with new, more sophisticated attacks in the coming years. More than 113 million records have been stolen from hospitals and healthcare facilities around the world. Healthcare data routinely contains insurance details, social security numbers, billing information and diagnosis codes. Medical identity theft is big business and is much harder to identify by the patient, meaning that unlike credit cards, the fraudsters can continue to profit from the stolen data for several years after the initial hack takes place by obtaining credit cards, loans, committing tax fraud or sending fake bills to insurance providers. Reports this year surfaced of hackers ransoming hospital records for as little as $15,000. The low amounts increase the chances of the ransom being paid exponentially. According to industry journal *Modern Healthcare*, almost one in eight Americans have had their medical records compromised in some way.
- Ransomware was the dominant cybersecurity threat in healthcare this year and, as always, several high-profile surveys were released–including a joint one by Nasdaq and Tanium. Included in the survey was the startling admission that 90% of corporate executives said they can’t read a cybersecurity report and aren’t prepared to handle a major attack.
- Health data breaches are costing the U.S. healthcare industry an estimated $6.2 billion, according to the Ponemon Institute.These breaches are costly for healthcare as it as among the heavily regulated industries that usually have a higher per capita cost of a data breach than the overall mean ($221). A stolen electronic health record (EHR) cost the average business $355 in 2016.
- Theft of “hard” intellectual property increased 56 percent in 2015. “Hard” intellectual property refers to records that can directly hurt either a consumer or a business. Many data breaches are soft, meaning that the hacker obtained the records, but was not able to use the information or do any damage. This sharp rise in harmful breaches puts a stronger emphasis on the need for security.