Healthcare Data Breaches on the Rise

By Martha Vazquez

With legislation like the Affordable Care Act, the need for digital healthcare is expanding. The devices that connect to healthcare organizations will need to protect patients’ health information and other pertinent data. This legislation is forcing healthcare organizations to implement technologies that help manage patient data, but data security must be addressed.

For example, this month, health insurer Premera Blue Cross admitted that 11 million customer records were hacked during a security breach last year. The breach was found January 29th, but the intrusion actually occurred in May of 2014. The company is only now reporting the cyberattack, in which customers’ names, emails, phone and social security numbers, as well as medical claim and bank account information, were stolen. This followed incidents in which Anthem, another healthcare insurer, exposed 79 million records, and Community Health Systems, a large hospital group, fell victim to a cyberattack resulting in the loss of 4.5 million patients’ data, including social security numbers and other personal data.

Data breaches are on the rise. Because of this, Gemalto produces publicly available information on data breaches throughout the world and aggregates that information in a database called the Breach Level Index. According to the Index’s latest report, 1,023,108,267 records were breached in 2014, and 1,541 breach incidents were recorded. The report showed a 78% increase in breached records from 2013 and a 46% increase in data breaches. This is unsettling, particularly when you consider that the healthcare sector alone had the most breaches in 2014, with 391.

Breaches that occurred in 2014 involved the loss of identifiable information such as names, social security numbers, and addresses, in contrast to the breaches we have seen in the past, which involved credit card information. We are now seeing a shift from stealing financial information to identity theft. Unfortunately, identity theft is much harder to detect than someone using your credit card information. For example, if someone takes out a loan in your name, you will likely not find out about it for a while. We are seeing this shift in data breaches because financial institutions are more prepared to recognize a data breach than the healthcare industry.

With the healthcare industry becoming a target for cybercriminals, healthcare organizations will need to rethink their security risks more than ever as more medical devices and wearables are used in this sector. Compliance has always been a strong driver for implementing enterprise security, so perhaps it will be a motivating factor for hospitals and other care facilities. With these new devices constantly connecting within the healthcare sector, healthcare facilities will need to comply with the legal requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Affordable Care Act (ACA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The Internet of Things is growing quickly, and with more “things” becoming connected, people will continue to push for new ways to meet their healthcare needs more efficiently, such as wearables and other medical devices, yet the risks should not be ignored. The healthcare segment will remain a target for data breaches, so it is critical that healthcare organizations and technology partners in the IoT space support and provide privacy and security. If organizations are not doing enough to secure their own networks, how are they going to evolve to secure the multitude of devices that are transmitting tons of patient and insurer data to their systems?