The second-biggest health insurer in the US, Anthem Inc., suffered a data breach that affected 78.8 million individuals. This is only one of the latest breaches to affect a healthcare provider and is a sign to the industry that something needs to change when it comes to security.

 

The Anthem incident involved hackers gaining access to names, dates of birth, member IDs and Social Security numbers, addresses, phone numbers, email addresses, and employment information, including income data.  Although there was no evidence that financial data and medical information had been compromised, enough information was taken to steal the identities of the affected individuals.

 

Identity theft can take a major toll on individuals, damaging their reputation, not to mention the financial losses they might face. According to the fifth annual Medical Identity Theft study, conducted by the Ponemon Institute, medical identity theft has increased 21.7 percent since last year. Of the respondents, 53 percent indicated that they thought it was very likely or likely that healthcare provider negligence contributed to medical data theft incidents. Also, when asked if they were confident in their provider’s ability to protect their information, 68 percent said they were not.

 

Healthcare organizations face increasing security risks due to the valuable data they hold. Although organizations are taking steps to strengthen their security programs, research indicates that the majority lack the budget and resources to prevent or detect breaches. Ponemon research also shows that patients and their PHI are at greater risk for medical identity theft. These risks have only increased with the adoption of mobile and cloud technology, and even though 48 percent of organizations conduct security risk assessments, only 16 percent conduct privacy risk assessments.

 

Furthermore, 73 percent of healthcare organizations still have insufficient resources to prevent and detect data breaches. Add to this the fact that 67 percent of organizations don’t have controls to prevent and/or quickly detect medical identity theft, and we see how breaches such as Anthem or CHS can occur.

 

Data breaches are an ongoing operational risk and could be costing the U.S. healthcare industry an average of $7 billion annually. It’s time for healthcare executives to make some major changes to their security program if they wish to avoid being the next Anthem or CHS.

 

Have you implemented a security posture that keeps your organization and PHI secure from theft?

 
