Data breaches at Target and Neiman Marcus last year served as a wake-up call for retailers and customers alike to shore up their data protection. But health care organizations have been slower to follow suit. Earlier this year the FBI warned the industry that it’s particularly vulnerable to cybersecurity threats compared with other sectors.
It’s a costly problem for health service providers. The Ponemon Institute estimates that data breaches cost the industry about $5.6 billion annually. Health care employees’ mission is to deliver quality care, but that priority now involves measures to protect the increasing amount of digital patient information that they generate.
Health data’s high price tag
When hackers gain access to individuals' credit card information, they resell it on black markets, typically for $1 or $2, according to cybersecurity firm Dell SecureWorks. Health-related data, on the other hand, is far more valuable. Health insurance credentials sell for about $20. When criminals pair health information with other identity data, they can fetch $1,000 or more for the package, according to Dell.
The information is more valuable for several reasons. First, breaches can go unnoticed for long periods of time. Credit card information expires almost immediately. Financial institutions cancel cards at the slightest suspicion of theft and reissue new ones. It can take weeks or months for a patient to learn that his or her medical information was compromised. In the meantime, crooks can use the information to create fake identities, or illegally obtain prescriptions and medical services, according to Dell. These situations inflict permanent damage. “Your Social Security number and personal health record don't change,” Rick Kam, founder and president of fraud prevention firm ID Experts, tells CNBC. “They have a long shelf life.”
Addressing the human factor
Health care organizations list employee negligence as the biggest threat to security, according to a report from Ponemon Institute and ID Experts. Most data breaches are caused by sloppy practices like lost laptops that contain unencrypted patient information.
“The people in the health care industry are good people who sometimes do stupid things, and that is the source of a lot of the problems,” Larry Ponemon, chairman and founder of the Ponemon Institute, tells CNBC. “They're trying to get their work done, they feel under pressure, they're in the business of caring for patients, and they don't want to waste time to do more security or take that extra step to protect privacy.”
While technology helps health care organizations secure mobile devices and protect sensitive data that is stored in the cloud, addressing insider risks requires education, the report concludes: “Training and awareness programs should be conducted at every level of the organization to reduce the negligent employee risk.”