The health care industry’s security system is apparently in need of major repair.
Two reports surfaced recently offering evidence of cybersecurity issues in the industry. While one report notes stolen health care information isn’t nearly as valuable on the black market as is financial industry data, thieves can still get key personal information by breaching a health care database.
Perhaps the more alarming of the two reports was issued by SecurityScorecard, a provider of security risk information. The company summarized its findings in its 2016 Healthcare Industry Cybersecurity Report this way: “Security breaches in this industry pose devastating consequences because they can render an entire system or network inoperable, creating a life or death situation that needs immediate attention.”
Ouch!
How bad is the industry’s security network? SecurityScorecard rates its system almost at the bottom of 18 different industry segments for adequacy of social engineering, the barometer for whether a security system has been developed to prevent breaches. Only hacking and malware lead to more breaches than social engineering — and it appears less attention is being paid to social engineering as a cyberthreat.
The report says there has been 22 “major public [data] breaches” in the health care field since August 2015. Not only have these breaches put confidential patient information at risk, but they have resulted in litigation against the breached organizations.
Key findings from the SecurityScoreboard report include:
-
More than three-quarters of health care industry providers have been hit with a malware attack in the last year
-
Medical treatment centers were a favored target of ransomware, with 96 percent of those organizations reporting a ransomware incident;
-
Nine in 10 health care manufacturers reported a malware infection;
-
Health care ranked fifth among the industries studied in the number of ransomware incidents;
-
Over half of the health care industry got a grade of C or lower on SecurityScorecard’s Network Security ranking.
The second report, by Intel’s McAfee Labs division, attempts to place a value on stolen health care information.
The report says basic individual health data isn’t worth much on the street — anywhere from a fraction of a cent for data byte to a couple bucks and change. But what the thieves are mostly doing is phishing in the health care data base waters for more valuable data, like social security numbers, account numbers and birthdates.
Those are far more valuable, and the hackers simply find health care data bases easier to penetrate than financial institution systems.
Alex Heid, chief research officer for SecurityScorecard, told McClatchyDC that hospitals are especially good targets for data thieves because of their generally poorly constructed systems.
“Hospitals have a lot of data that is similar to the financial sector: Social Security numbers, account numbers and credit card numbers,” Heid says. “People can use compromised health care records for Medicare fraud.”
Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.
Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Dan Cook
Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.
