Lessons Learned From Major Healthcare Breaches

Huge amounts of personal health data being collected, shared & analyzed. There are more reasons to worry about patient privacy than ever.

Recent leaps in technology toward health care digitization have resulted in unprecedented amounts of personal health data being collected, shared, and analyzed on an everyday basis. Due to this proliferation in data, there are now more reasons to be concerned about patient privacy than ever. 

Despite public concerns and the government’s efforts, the frequency and magnitude of privacy breaches have been on an upward trend (see figure below), and data breaches are more likely to happen in the health care industry than in any other sector. In this new report, Niam Yaraghi examines the recent privacy breaches in the health care system. He uncovers the underlying factors leading to these incidents, documents lessons learned, and examines how to prevent similar breaches in the future.

Yaraghi and a team of researchers conducted a series of 22 in-depth interviews with key personnel at a wide variety of health care providers, health insurance companies, and industry business associates. These interviews revealed important lessons that are generalizable across the health care industry. Yaraghi identifies and explains several reasons that the health care sector is particularly vulnerable to privacy breaches:

  • Health care data are richer and more valuable for hackers;
  • Too many people have access to medical data;
  • Medical data are stored in large volumes and for a long time;
  • The health care industry embraced information technology too late and too fast; and
  • The health care industry did not have strong economic incentives to prevent privacy breaches.

As Yaraghi illustrates, medical data breaches can be especially catastrophic because the records contain information that cannot be changed. If credit card information is breached and results in an unauthorized charge, the card issuer will instantly reverse the charge, freeze the old card, and send a new one. Most medical data, on the other hand, include identifiers such as social security numbers, dates of birth, and home addresses, which are nearly impossible to change or reset after a breach. Precisely because of their constant and unchangeable nature, medical data are worth more than financial data on the black market. In hopes of lessening the catastrophic nature of such attacks, Yaraghi makes the following policy recommendations to better protect patient privacy and prevent breaches:

  • Health care organizations should prioritize patient privacy and use the available resources to protect it;
  • The Office of Civil Rights (OCR) should better communicate the details of its audits;
  • Health care organizations should better communicate with each other;
  • OCR should establish a universal HIPAA certification system; and
  • The health care sector should embrace cyber insurance.

Source: Brookings Institution
