Get Started

Contact Us

Get In Touch

Fill out the form below and we will contact you shortly.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Resources

Healthcare Organizations Are Sitting on a Patient Data Gold Mine and Hackers Know It

The healthcare industry is a treasure trove for cybercriminals — and no wonder why

Personal health information is 50 times more valuable on the black market than financial information and a stolen health record is 10-20 times more valuable on the black market than credit card information. Healthcare industry organizations protect reams of sensitive patient information: from medical records and social security numbers to financial information and other vital personal data. 

Attackers use healthcare data to create fake IDs to buy expensive medical equipment or drugs that can be resold. Another option is to file fake claims with insurers by combining a patient number with a false provider number. Since medical identity theft is harder to be discovered by a patient or their provider, attackers could utilize the data for years. On the contrary, credit cards data theft is often identified quickly by credit cards companies, banks or the other fraud detection tools used by potential victims.

Breaches are expensive, costing a healthcare provider up to $408 per patient

This threat is serious and growing. Between 2018 and 2019, the successful 8-month hacking of just one healthcare billing services vendor in the United States resulted in a data compromise of 25 million patients. There were twice as many U.S. patient record breaches in the first half of 2019 as there were in all of 2018—nearly 32 million records total and likely growing. These breaches are expensive, costing a healthcare provider up to $408 per patient to recover data and restore trust between these institutions and their patients. 

The industry is unprepared

Unfortunately, when it comes to cybersecurity, the healthcare industry is lagging behind other industries. Consider the state-of-play:

  • Over a third of healthcare workers questioned in one survey said that they had never received cybersecurity training from their workplace.
  • The healthcare industry's spending on cybersecurity infrastructure is conspicuously low compared to other industries particularly in light of the sensitive and valuable patient data they possess. On average, the healthcare industry spends half what enterprises in other market verticals spend on cybersecurity.
  • Hosting data within an insecure, public cloud environment can amplify the damaging effect of data breaches. Public cloud companies promote their platforms as a fast and easy way to store your data. However, these shared environments come with security shortcomings such as insufficient visibility into the public cloud provider infrastructure. Also, in the public cloud, you don't have exclusive control over your data - where it is and who has access to it.
  • Healthcare cybersecurity is impacted by outdated standards such as HIPAA, legacy infrastructure and a lack of experienced personnel.

The healthcare industry is low hanging fruit for hackers

Put bluntly: the healthcare industry is low hanging fruit for hackers. They understand the weakness of the healthcare cybersecurity posture and compliance standards which make the industry a lucrative target. 

Six steps organizations should take to protect patient data

In a challenging security environment, there are practical steps your healthcare organization should take to limit risk and secure patient information on the cloud: 

  1. Understand the threats.  You cannot design a plan to protect your information until you understand the nature of the specific threats that healthcare organizations face. Monitor trends and changes in the security industry. 
  2. Conduct a third-party assessment. It is important to understand the status of your system and expose any potential vulnerabilities.  A holistic, independent assessment of your network architecture and current security practices will give you a more complete picture. 
  3. Achieve a higher security and compliance posture: Determine if your cloud provider offers you comprehensive security and compliance. Benchmark these standards to the leading available standards offered in the market. It is your obligation to protect patient data. It is important that the integrity and confidentiality of your electronic patient health record (PHI) be protected with the highest level of encryption during tranmission across networs and when stored.  
  4. Have a response plan. In the event of a breach, a clear response plan is critical. The plan must include specific protocols to determine harm and quickly limit the impact of the breach.
  5. Continuously monitor your network. As connected devices become more prevalent within the organization, the network and cloud environments must be continuously monitored to identify attacks quickly and mitigate network disruptions.
  6. Test the system regularly. Conduct penetration testing exercises, social engineering exploits and mock phishing campaigns to identify potential security weaknesses. 

Healthcare organizations are required to “go beyond HIPAA

Healthcare organizations are required to “go beyond HIPAA”. Nowadays sophisticated attacks require a paradigm change. These security breaches represent a serious threat to the integrity of the healthcare industry. They are expensive, and severely damage the trust between these institutions and their patients. Confidentiality is a pillar of our healthcare system—which is why high level cybersecurity must become a top priority for the sector. 

Importance of Cybersecurity in the Healthcare Industry is Only Growing

A nation’s healthcare system is considered critical infrastructure, especially post the coronavirus crisis. Healthcare companies must understand and address cybersecurity vulnerabilities that might impact operations in day to day operations as well as in a crisis.

To protect customer data and systems integrity, companies in the healthcare ecosystem need to deploy cybersecurity best practices and regularly monitor for changing threats.  

CyLogic builds, operates and continuously monitors highly secure and dedicated cloud platforms for enterprises that require the highest level of security with total control of their data. Contact us to explore your options.

Related Posts