Because of the number of mega breaches that have occurred, and because its data is a favored target for criminals, the healthcare industry has taken a lot of heat on information security lately. Unfortunately for healthcare CEOs and CIOs, this trend is not going away any time soon.

 

A recent study on data breaches conducted by Trend Micro shows that the healthcare industry has been responsible for more data breaches than any other sector in the past decade (due to missing devices and untrustworthy insiders).

 

  • More than one-quarter (26.9%) of the data breaches reported since 2005 were in healthcare; followed by education (16.8%), government (15.9%), and retail (12.5%).

 

The report also found that from January 2005 to April 2015 overall data breach causes were:

  • 41% lost devices
  • 25% hacking and malware
  • 17.4% unintentional disclosure (not including lost devices)
  • 12% insider leaks

 

What’s even more concerning about breaches in the healthcare industry is that 60% of its breaches were due to lost devices (only 7% were caused by hacking). Insider leaks are also a big problem for healthcare organizations.

  • 17.5% of breaches were due to insider leaks, which were the source of identity theft cases (44.2%), and once again healthcare was hit the hardest, accounting for 29.8% of identity theft cases.

 

Criminals look to steal personally identifiable information (PII), health information, financial data and payment card data to sell or use for identity fraud.  Healthcare data can contain all of that information, while financial or educational data might be limited in what they have on file.  This makes healthcare data the biggest target for insiders and hackers.

 

  • If health data is stolen there’s a 72.74% chance that PII was stolen too, but only a 20.79% chance that financial data was also stolen.

 

When we look at the value of PII on the black market, although it has dropped from $4 to $1, it is still a prime target because of what criminals can do with the information once they obtain it. Furthermore, health information and medical records are second only to passwords in value.

  • Health information and medical records are valued at $59.80, while passwords are valued at $75.80.
  • Also important to note: the study shows that healthcare information and medical records were valued higher by American customers, at $82.90, than by European and Japanese customers.

 

With this information, it becomes quite obvious why the healthcare industry really needs to step up its information security game. Given the number of solutions CIOs and CEOs can turn to in order to implement a holistic security posture, it’s concerning to see inaction. The sooner healthcare executives become proactive in their security measures, the sooner they can hope to avoid a breach crisis.

When was your latest security risk assessment, or what measures are you taking to keep eyes on your data assets?

 

Photo courtesy of Rafal Olechowski