In 2014, more than 1 billion records worldwide were breached as a result of 1,541 incidents – that’s an increase of 78% over 2013. These are statistics from a report released by Gemalto, a global provider of digital security solutions. Moreover, although data breaches occurred all over the world, the U.S. and Canada lead with 1,164 incidents. Among the industries hit are retail, financial services, educational institutions, government entities – and healthcare, which leads with 391 incidents in 2014.
Health organizations had 29,384,567 data records compromised, with the average records lost per breach for the industry at 75,152 compared with 49,000 in 2013. This is even before Anthem’s data breach. Moreover, as technology enters the medical arena to improve healthcare, cyber criminals are increasingly targeting the sector. The reason is obvious: healthcare data is detailed, rich, and full of information that cyber criminals can use for identity theft and fraud. Plus, according to security experts, it takes far longer for patients to learn that their information has been compromised. When a credit card, for example, is stolen, algorithms in the financial industry pick up unusual activity very quickly, and systems often automatically provide protection. These same protections don’t yet exist in healthcare.
What’s even more disconcerting is that cyber attacks on the medical industry are becoming more sophisticated, with the ability to expose patient data of real concern. “Cyber criminals have developed entire malware platforms that can be customized to attack healthcare organizations,” according to Perry Hutton, regional director at network security solutions provider Fortinet Africa. “Today, everything from heart monitors to infusion pumps can be networked, automatically interfacing with electronic health record systems and providing real-time alerts to healthcare providers. From the perspectives of patient care and operational efficiency, this is a good thing. From a security perspective, it’s a potential nightmare.”
Most of these devices, as well as magnetic resonance imaging machines, CT scanners and countless other diagnostic machines, were never designed with security in mind, according to Hutton. “Many diagnostic systems use off-the-shelf operating systems like Microsoft Windows, while other devices use purpose-built software designed to collect data, not keep it safe. Too many of these devices are eminently hackable and, once compromised, can provide hackers with unfettered access to the clinical data systems within which they interface.”
Moreover, it’s not only patient data that’s vulnerable through connected devices. Cyber criminals and terrorists could potentially manipulate machines to intentionally harm patients or shut down critical systems in hospitals and other medical facilities.
The recent Anthem breach, as well as others such as Community Health Systems, with 4.5 million records compromised in identity theft, and the State of Texas Department of Health & Human Services, with 2 million records compromised in identity theft, underscores the need for the healthcare industry as a whole to be proactive and begin implementing systems with security baked in, protected at both the network and application levels. Also important is having an insurance program that includes comprehensive Cyber Liability insurance to help cover the expenses that result from such a breach.
Caitlin Morgan is ready to assist you in helping to protect your insureds in the event of a cyber breach. We provide medical facilities with Cyber Liability Insurance to cover legal and forensic expenses, patient notification, crisis management, credit monitoring, business interruption, fines and other costs. Give us a call at 877.226.1027 to discuss how we can help protect healthcare facilities from this significant exposure.
Sources: IT Web, Gemalto