Healthcare Data – Your Greatest Personal Security Risk

Earlier this year, following the announcements of cyber attacks on insurers Anthem and Premera Blue Cross that exposed millions of customers’ sensitive data, the Washington Post declared 2015 “the year of the healthcare hack.” Experts warned that it would only get worse. In May, CareFirst announced that it had also become a victim of a sophisticated cyber attack. And in June, U.S. officials confirmed that Chinese hackers—believed to be the same group behind the Anthem attack—had breached the computer system of the Office of Personnel Management, compromising the personal data of some 4 million current and former federal employees.

Reports from the Department of Health and Human Services reveal that the protected health data of more than 120 million people has been compromised in more than 1,100 separate breaches at organizations since 2009. And cyber attacks cost businesses as much as $400 billion a year, estimates the British insurance company Lloyd’s.

Even more troubling than these statistics is the fact that many, if not most, of these breaches were preventable.

Why does this keep happening?

While data breaches at major retailers like Target and Home Depot made headlines last year and fueled consumers’ fears, the greater threat may be in healthcare. Health organizations are targets for hackers because they maintain troves of data with significant resale value in black markets, Dave Kennedy, the chief executive of TrustedSEC, told theWashington Post.

Whereas credit cards can be canceled and reissued quickly, healthcare profiles may contain important information that is not so easily changed—such as Social Security numbers and medical history. The potential damage from this data being exposed is huge. The risks include everything from health insurance and tax fraud to having patients’ sensitive diagnoses such as HIV or mental health issues made public.

Earlier this year, the IRS disclosed that more than 330,000 Americans had fallen victim to a massive data breach in which hackers filed fraudulent returns and walked away with millions of dollars in tax refunds. The most alarming part is that the hackers didn’t use sophisticated malware or social engineering tactics. Instead, they used personal data likely obtained from the Anthem and Premera hacks to sidestep the IRS’ Knowledge-Based Authentication.

Healthcare organizations are especially vulnerable to attacks since their security practices are often less sophisticated than other industries. Some rely on legacy systems, many of which have been neglected, poorly maintained, or not brought up to current standards. And some have not invested in cyber security at a rate that matches the urgency of the threats they face, Kennedy said. "The medical industry is years and years behind other industries when it comes to security."

That needs to change. Evidence suggests that cyber security spending is already on the rise. Market research firm Gartner says global spending on IT security is set to increase 8.2 percent in 2015 to $77 billion, and the world will spend $101 billion on information security in 2018.

What can you do to protect your organization’s data and customers?

Healthcare, like many other industries, is experiencing a revolution driven in large part by technology and consumers who are more aware, engaged, and responsible for their own health than ever before. The consumerization of healthcare is driving consumer-focused initiatives such as leveraging big data, cloud computing, telemedicine, and social media, which could provide dramatic improvements in healthcare and possibly transformational reductions in costs.

With those changes, however, come risks. Vulnerabilities where hackers can get in are everywhere, from software to social media. According to a hotly debated report by security firm GFI, Apple's Mac OS X is the most vulnerable operating system, with the iOS platform coming in second. During 2014, a total of 147 vulnerabilities were reported for OS X, with 64 of those being rated as high.

Alcatel-Lucent’s Motive Security Labs estimates that last year 16 million mobile devices worldwide have been infected by malicious software—or “malware” —used by cybercriminals for corporate and personal espionage, information theft, banking and advertising scams, and more, according to the recent Cybersecurity Market Report from Cybersecurity Ventures.

Also on the rise are ransomware attacks in which hackers encrypt or block access to files, demanding payment from victims to release them. These types of attacks are up 165% in the first quarter of 2015, and have targeted businesses and law-enforcement agencies, reports McAfee Labs.

Experts note that cyber security is a matter not just of technology and software, however, but how people use them. Human behavior is inherently insecure. Most people use the same password for everything and rarely change it. Phishing scams trap millions of email users annually. And social media has become one of the biggest targets for hackers. In 2013,hackers stole usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo, and other social networks.

Healthcare-Specific Solutions

High growth in the adoption of cloud computing, virtualization, and electronic medical records in healthcare mean data management and security are top priority. The team at The Canton Group has extensive experience building HIPAA-compliant technologies including websites, mobile applications, patient portals, electronic medical record software, and even embedded systems. The Canton Group is well-versed in systems integration and software engineering for healthcare using a diverse set of platforms.

Regardless of what type of healthcare product, service, or research you provide we can ensure a customized and user-friendly web system that will keep your patients' information safe. Contact us today to find out more about how The Canton Group can help your organization.