Choose your language:
Businesses in every industry and of all sizes can no longer afford to ignore or underestimate the threat posed by cybercriminals. Hackers have caused tremendous turmoil and damage to countless firms by infiltrating networks and stealing or exposing sensitive information. Perhaps the most notable recent example of such an incident was Target's data breach, which led to the theft of as many as 100 million consumers' credit card numbers and other personal information.
Yet despite high-profile incidents such as this one, Washington Post contributor Amrita Jayakumar recently asserted that the sector that should be most worried about the threat posed by hackers is healthcare. The reason, Jayakumar explained, is that healthcare data is highly coveted by cybercriminals, as it can be used to perpetrate identity theft and fraud. Organizations in this sector should therefore take robust steps to better protect their clients' data.
"If you have someone's medical records—with their name, social security number and everything else—you can commit any other kind of identity theft," said Sam Imandoust, a legal analyst at the nonprofit Identity Theft Resource Center, the news source reported.
A worrying trend
To reinforce her point, Jayakumar pointed to a recent study from the ITRC. The study found that healthcare firms experience 267 breaches in 2013. Significantly, this total accounted for 43 percent of all such attacks last year. The business sector, by comparison, was struck by 210 breaches, while financial services firms were only victimized 23 times.
Jayakumar did point out that these numbers may be somewhat deceptive due to the fact that organizations in the healthcare sector are subject to the HIPAA Breach Notification Rule, which requires them to report any breach that affects 500 or more individuals. It is therefore possible that businesses in other sectors experienced more breaches than they reported.
However, this does not reduce the sheer number of times that healthcare firms experienced information theft or exposure. The fact remains that hundreds of healthcare providers were hit by data breaches in 2013, resulting in nearly 5 million exposed records.
Obviously, the unique nature and inherent value of healthcare data has made providers targets for countless cybercriminals. Yet this is not the only reason why the sector is so frequently attacked. Additionally, these organizations typically feature less robust and effective cyberdefenses, as Jayakumar noted.
The writer pointed to a previous Washington Post report which found that many firms in the healthcare sector lagged behind other industries' standards for protecting digital data. The report warned that these organizations were therefore at risk of experience data loss, theft and exposure. As the more recent statistics demonstrated, such fears were justified.
To a large extent, these shortcomings can be attributed to the recent movement toward electronic health records (EHRs). The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed in 2009, mandated that healthcare providers take concrete steps to replace paper records with EHRs. Those organizations that fail to make progress in this regard face a variety of financial and other penalties.
The continuing move toward EHRs as well as the ongoing evolution of cyberattacker strategies mean that the threat faced by healthcare organizations will only grow as time goes on. Failure to adapt will inevitably lead to more exposed records and more victimized patients.
To minimize this risk, healthcare decision-makers must make information security a priority going forward. Only by investing in high-quality tools, strategies and IT support personnel can a healthcare provider hope to remain protected in this increasingly dangerous digital environment.