Most Healthcare Data Breaches Criminal Attacks
The healthcare industry is experiencing a surge in data breaches, security incidents, and criminal attacks—exposing milllions of patients and their medical records—according to the latest Ponemon Institute study, the "Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data,” which was sponsored by ID Experts®.
The study reveals that criminal attacks in healthcare are up 125% since 2010 and are now the leading cause of data breach. The findings also show that most healthcare organizations are still unprepared to address this rapidly changing cyber threat environment and lack the resources and processes to protect patient data.
Nearly 45% of data breaches in healthcare are a result of criminal activity. The percentage of criminal-based security incidents is even higher; for instance, 78% of healthcare organizations had web-borne malware attacks. Yet, only 40% of healthcare organizations are concerned about cyber attacks.
SEE ALSO : Keeping Your Patient Data Safe & Healthy
A criminal attack is the deliberate attempt to gain unauthorized access to sensitive information, usually to a computer system or network, resulting in compromised data. Criminal attacks are often referred to as cyber-attacks, but can also include malicious insiders and/or paper medical files. Medical records are greatly susceptible to threats and fraudulent activity because of the value of their information and because they are accessible at many points. The study indicates that medical files, as well as billing and insurance records, are the top stolen targets.
According to the FBI, criminals are targeting the information-rich healthcare sector because individuals' personal information, credit information, and protected health information (PHI) are accessible in one place, which translates into a high return when monetized and sold.
Among key findings from the Ponemon study:
- 91% of healthcare organizations had one data breach
- 39% experienced two to five data breaches
- 40% percent had more than five data breaches over the past two years.
- 59% of business associates experienced data breaches;
- 14% experienced two to five data breaches;
- 15% experienced more than five data breaches over the same period.