Lessons Learned From Major Healthcare Breaches

Uploaded on 2016-06-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Huge amounts of personal health data being collected, shared & analyzed. There are more reasons to worry about patient privacy than ever.

Recent leaps in technology toward health care digitization have resulted in unprecedented amounts of personal health data being collected, shared, and analyzed on an everyday basis. Due to this proliferation in data, there are now more reasons to be concerned about patient privacy than ever. 

Despite public concerns and government’s efforts, the frequency and magnitude of privacy breaches have been on an upward trend (see figure below) and data breaches are more likely to happen in the health care industry than any other sector. In this new report, Niam Yaraghi examines the recent privacy breaches in the health care system. He uncovers underlying factors leading to these incidents, documents lessons learned, and examines how to prevent similar breaches in the future.

Yaraghi and a team of researchers conducted a series of 22 in-depth interviews with key personnel at a wide variety of health care providers, health insurance companies, and industry business associates. These interviews revealed important lessons that are generalizable across the health care industry. Yaraghi identifies and explains several reasons that the health care sector is particularly vulnerable to privacy breaches:

  • Health care data are richer and more valuable for hackers.
  • Too many people have access to medical data;
  • Medical data are stored in large volumes and for a long time;
  • The health care industry embraced information technology too late and too fast;

The health care industry did not have strong economic incentives to prevent privacy breaches; and

As Yaraghi illustrates, medical data breaches can be especially catastrophic because they contain information that cannot be changed. If credit card information gets breached resulting in an unauthorized charge, the card issuer will instantly reverse the charge, freeze the old card, and send a new one. On the other hand, most medical data includes identifiers such as social security numbers, dates of birth, and home addresses which are nearly impossible to change or reset upon a breach. Precisely because of their constant and unchangeable nature, medical data are worth more than financial data on the black market. In hopes of lessening the catastrophic nature of such attacks, Yaraghi makes the following policy recommendations to better protect patient privacy and prevent breaches:

Health care organizations should prioritize patient privacy and use the available resources to protect it

The Office of Civil Rights (OCR) should better communicate the details of its audits

Health care organizations should better communicate with each other

OCR should establish a universal HIPAA certification system
The health care sector should embrace cyber insurance

Brookings Inst

« Enhanced Attribution: An Engine To Identify Hackers
What Might ‘Brexit’ Mean For Cybersecurity In The UK? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

ZeroFox

ZeroFox

ZeroFox safeguards modern organizations from dynamic security risks across social, mobile, surface, deep and dark web, email and collaboration platforms.

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

CyFIR

CyFIR

CyFIR is a network investigation and Incident Response tool for performing live computer investigations across any size enterprise.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

VanishID

VanishID

VanishID (formerly Picnic) is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Telesystem

Telesystem

Telesystem empowers businesses across the USA with a range of innovative network, communication and collaboration solutions.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.

Infoline Tec Group Berhad

Infoline Tec Group Berhad

Infoline Tec Group Berhad is principally involved in providing IT infrastructure solutions, cybersecurity service provider and solutions, managed IT and other IT services.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

Couno

Couno

Couno is a trusted provider of IT support services throughout the UK and Europe.

HyperSphere

HyperSphere

HyperSphere Data Protect is a patented technology establishing the world’s first cyberstorage solution designed to make data resilient against AI and quantum threats.