Data breaches in the healthcare sector are also getting larger – with five of the eight largest health data breaches reported since 2010 (those with more than 1 million records compromised) occurring in the first six months of 2015, IBM’s report said.
Why cybercriminals attack healthcare more than any other industry – Naked Security
While the average cost of a data breach across all industries was $3.8 million in 2014 – up 23% from 2013 – the cost in the healthcare sector was $363 per record breached, more than twice the overall average of $154 per record.
In February, the Hollywood Presbyterian Medical Center in California was hit by ransomware, which forced the hospital to shut down all of its computers and depend on fax machines and paper records for a week.
Rather than lose all its patient medical records, the hospital decided to bite the bullet and paid the ransomware crooks 40 bitcoins, or about $17,000, to restore the hijacked files.
Although ransomware cybercrooks tend only to be interested in data for the ransom value, healthcare data is becoming more lucrative for cyberthieves who sell the data on the black market.
As IBM explained, health records contain a wealth of information that can be used for medical identity theft and fraud:
[Health records] typically contain credit card data, email addresses, social security numbers, employment information and medical history records – much of which will remain valid for years, if not decades. Cyberthieves are using that data to launch spear-phishing attacks, commit fraud and steal medical identities.
The healthcare sector is also an appealing target for cybercriminals because the industry’s approach to cybersecurity is behind the times.
Earlier this year, Sophos conducted a survey of IT decision makers across multiple industries in six countries, finding an alarming laxity in many organizations’ approach to data security.
Our survey found that the healthcare sector had one of the lowest rates of data encryption, with only 31% of healthcare organizations reporting extensive use of encryption, while 20% said they don’t use encryption at all.
Other studies have shown that the healthcare industry lacks a culture of security.
A Sophos survey of National Health Service (NHS) organizations in the UK found that encryption was “well established” in just 10% of them; while a 2016 study of hospital cybersecurity found that patient health records are “extremely vulnerable” because of a lack of focus on cyberattacks and insufficient training.
Beyond data breaches perpetrated by hackers, health data is frequently exposed through accidental loss, device theft and employee negligence.
And it’s not just hospitals, doctors’ offices, and insurance companies that are failing to protect healthcare data – private employers frequently leave their employees’ private healthcare information unencrypted.