2015 won’t go down in history as one of the brightest moments in healthcare, as it was more notable for serious data breaches than for medical advancements and innovations. For the first half of 2016, it looked like things were easing up somewhat, until right at the midpoint, when a hacker announced their successful theft of some 9.3 million patient records. Ouch.
Though information on these breaches is still streaming in, so far 48 data breaches involving patient medical records have occurred due to unauthorized access, another 43 due to hacking or network incidents, 37 due to loss or theft, and 4 due to the improper disposal of medical records. Hackers know there’s big data at medical facilities, and they’re tapping into the loot.
Why are medical records so hotly targeted? Well, it has to do with black market prices. Stealing a credit card number means you get very limited access to a finite amount of money for a short period of time. Once the theft is discovered, the card is cancelled and it’s of no more value to the thief or buyer. Healthcare information, on the other hand, is a rich source of the type of big data that holds its value. Social security numbers, for instance, can be used over and over again. On the black market (the Dark Web), a credit card number sells for $1 to $2. Healthcare records sell for $20 to $200 each.
Aside from the value of the information in health records, there are some other reasons that hackers frequently target healthcare organizations to nab their big data. Here are the reasons behind the surge in healthcare data breaches.
Systems are Outdated
The past few years have brought major changes to healthcare. Between the Affordable Care Act, the numerous changes in insurance regulations and coverage that followed, and an economy that simply refuses to completely recover, hospitals, doctors, clinics, and other medical facilities have had more on their minds than getting new software and computer systems. Hence, the ones in use are typically outdated. Systems built just a few years ago are simply not equipped with the high-level tools and technologies needed to stop today’s well-funded and highly motivated hackers.
Processes are Manual and the Work is Slow
Another hallmark of an older system is that it lacks much of the automation that is inherent in most of today’s medical software. Healthcare IT processes, including security, are notoriously manual. Manual means slow. Slow means hacking tools are working furiously to do harm while IT is still manually digging through system and network data to find the attack. The data is stolen or corrupted before IT even realizes the attackers are there. Game. Set. Match.
Many Healthcare Organizations Think HIPAA Compliance is the Goal of Security
Though HIPAA is designed to enforce the security of medical documents, it sometimes has the opposite effect. For example, many organizations believe that HIPAA compliance is the sum total of what they are responsible for in terms of big data security. They don’t realize that HIPAA regulations fall very, very short of what’s required for good security in today’s cyber environment. Other organizations mistakenly believe that, since they handle only the financial stuff and not actual medical records, they aren’t obligated to be HIPAA compliant. Still more think they can pass the responsibility and liability to a cloud service provider; again, this isn’t the case. Together, these misconceptions actually make HIPAA compliance less capable of protecting the sensitive information of patients.
The only way that the flood of data breaches targeting healthcare is going to cease is through investments in newer technologies and the realization that hackers are here, and here to stay. Until healthcare steps up its cyber security game, its big data has a big target on its back.