Healthcare: Target for Data Breach
Data breaches in healthcare have been increasing continuously since 2010, which damages the reputation of the most trusted organizations. The efforts made so far are not enough to safeguard patients' data. It is estimated that the healthcare industry is the top target of network hackers. In 2015, more than 720 breaches were recorded, affecting 193 million personal records, according to 10fold Communications.
Here are some well-known breaches from 2015:
- Anthem – 78.8 million highly sensitive patient records were breached.
- Ashley Madison – 37 million users affected.
- Premera Blue Cross – more than 11 million members affected.
- VTech – 6 million children and nearly 5 million parent accounts affected.
- Experian/T-Mobile – 15 million customers affected.
- OPM – 21.5 million citizens affected.
- Excellus BlueCross BlueShield – 10 million members affected.
Why healthcare? Healthcare organizations store patients' most sensitive data. Protected Health Information (PHI) records include Social Security numbers, medical record data and dates of birth. Hackers search for such data because it gives them all the essential details of a person, which they can then share on the black market.
A FireEye-commissioned survey of 2,000 U.S. individuals, conducted by Vanson Bourne in April 2016, shows the public's concerns about privacy. The report revealed that 76% of respondents are willing to move their business elsewhere, and 59% of clients are ready to file a case against a company that suffers a data breach if their personal data is used by criminals. 72% of consumers reported that they will provide minimal details.
Other key findings of the survey:
- 52% of clients are ready to pay double for better security.
- 54% of clients feel negatively about a company that has been breached.
- 78% of consumers doubt whether the company will be able to keep their data safe.
- 52% of customers say security is an important factor and is mandatory.
- 90% of clients expect to be informed within 24 hours that their data has been breached.
Survey respondents were also concerned about denial-of-service threats, followed by ransomware and malware. Top concerns were cyber criminals at 45% and insecure mobile device usage at 36%. Employee error was also a top concern (53%), along with use of cloud services (46%) and cyber-attacks (36%).
So, are we prepared to safeguard our data? Organizations are not immune to breaches, but security measures can be adopted to prevent such occurrences. In its 2014 survey, Experian found that around 73% of organizations had breach response plans, a figure that improved to 81% in 2015.
In 2016, insurers and hospital networks are on hackers' radar because they offer the opportunity for the largest payoff. Several measures are being taken, including more safeguards and better applications to handle such breaches. DevOps and security teams are working together to protect vital patient information. For more technical safeguards, the Medical Records Institute (MRI) lists the following points:
- Relevant Information
- Risk Assessment
- Apply Risk Management Plan
- Acquiring IT Systems and Services
- Creating and Deploying Policies and Procedures
- Developing and Implementing a Sanctions Policy
Both healthcare and non-healthcare organizations should take steps to protect PHI. Safeguarding patient data is more important than following these compliance requirements. It demands a technology partner with experience in securing data comprehensively, with strong encryption and robust identity management. The partner should also have specialized teams, trained and dedicated to handling all operational security tasks related to the basic security infrastructure, platforms and software, and covering all stages from investigation to customer notification and protection. You shouldn't have to keep checking that the service provider meets all the requirements stated in the contracts and in data protection regulations, with particulars such as:
- On-site reviews
- Knowledge of data protection legislation in various states and nations
- How to handle incident management
- Data breach crisis communication management
Whether or not you have experienced a data breach, you should be prepared and choose a breach response partner that will help protect your most valuable data.