Healthcare

More than 113 million records have been stolen worldwide.
90% of Healthcare Corporate Executives say they are not prepared for a major attack.

 

The healthcare industry will be faced with new, more sophisticated attacks in the coming years. More than 113 million records have been stolen from hospitals and healthcare facilities around the world. Healthcare data routinely contains insurance details, social security numbers, billing information and diagnosis codes. Medical identity theft is big business and is much harder to identify by the patient, meaning that unlike credit cards, the fraudsters can continue to profit from the stolen data for several years after the initial hack takes place by obtaining credit cards, loans, committing tax fraud or sending fake bills to insurance providers. Reports this year surfaced of hackers ransoming hospital records for as little as $15,000. The low amounts increase the chances of the ransom being paid exponentially. According to industry journal *Modern Healthcare*, almost one in eight Americans have had their medical records compromised in some way.

 

  • Ransomware was the dominant cybersecurity threat in healthcare this year and, as always, several high-profile surveys were released–including a joint one by Nasdaq and Tanium. Included in the survey was the startling admission that 90% of corporate executives said they can’t read a cybersecurity report and aren’t prepared to handle a major attack.
  • Health data breaches are costing the U.S. healthcare industry an estimated $6.2 billion, according to the Ponemon Institute.These breaches are costly for healthcare as it as among the heavily regulated industries that usually have a higher per capita cost of a data breach than the overall mean ($221). A stolen electronic health record (EHR) cost the average business $355 in 2016.
  • Theft of “hard” intellectual property increased 56 percent in 2015. “Hard” intellectual property refers to records that can directly hurt either a consumer or a business. Many data breaches are soft, meaning that the hacker obtained the records, but was not able to use the information or do any damage. This sharp rise in harmful breaches puts a stronger emphasis on the need for security.

Health care records are so valuable that attacks on health information technology (health IT) systems have increased 125% over the last 5 years. In fact, stolen patient data can be worth up to 50 times more than a Social Security or credit card number due to the numerous types of fraud that can result from information contained in a medical record. Unfortunately, 4 out of 5 health care providers and payer executives say their health IT systems have been compromised by cyberattacks.

``How to Improve your Cybersecurity Practices`` -American Medical Association

In 2016, a survey found that the 535 healthcare organizations surveyed averaged almost one cyberattack per month over the past 12 months. Moreover, 48% of the IT and IT security practitioners polled said that their organizations experienced an incident involving the loss or exposure of patient information during this same 12 months. Just one-third said they would rate the cybersecurity at their organization as very effective.

``The State of Cybersecurity in Healthcare Organizations`` -The Ponemon Institute

Many hackers specifically target small dental offices because they believe small businesses don’t have the resources for sophisticated security devices and do not enforce employee security policies. Dental practices are becoming targets for cyber criminals more frequently. These offices hold a vast amount of data, including names, health histories, addresses, birthdates, social security numbers, and even banking information of hundreds, if not thousands, of patients. The threat of this information being stolen by a staff member or a cyber criminal is great, and dental practice owners must address this concern before a theft creates a legal nightmare for the practice.

``Cyber Security New Necessity for Dental Practices`` -Stuart Oberman