March 3, 2016 By Fran Howarth

Breaches and identity theft involving medical data are on the rise. According to the Ponemon Institute, criminal attacks in health care have increased by 125 percent since 2010 and are now the leading cause of medical data breaches. The study also found that 91 percent of health care organizations have experienced at least one data breach, costing more than $2 million on average per organization. The American Action Forum estimated that medical breaches have cost the U.S. health care system more than $50 billion since 2009.

Medical records are extremely valuable to thieves, with such data sold for an average of $363 per record, which is much higher than for credit card data. Additionally, compromised bank cards can quickly be canceled, thus limiting the potential damage, whereas medical data cannot be so easily destroyed.

Medical Information Is Widely Shared

One factor that complicates the problem is that medical data passes through so many hands. Researchers at Carnegie Mellon University told The New York Times that a typical patient’s medical data can be accessed by at least 30 people and organizations, ranging from physicians to pharmacies, insurers and even pharmaceutical companies.

Whereas medical data was once stored in paper form, the increased use of electronic health records has vastly improved the ease with which data can be transmitted or accessed in storage. According to one recent report from the Information Security Media Group, 68 percent of patients stated they were not confident that their medical records were safe from loss or theft.

Use the Necessary Access Control Safeguards

Since not all medical breaches are caused by theft — they could be the result of an inadvertent error, for example — every organization should put in place stringent policies and procedures governing access to sensitive data. These measures should ensure that all staff are thoroughly trained in what is expected of them and implement sanctions for noncompliance.

This requirement is included in HIPAA’s security rule, which also mandates that organizations periodically assess the effectiveness of those policies and procedures. Employees and partner organizations should be required to report any suspected or actual breaches they encounter so that swift action can be taken.

Organizations should also ensure they have appropriate technical safeguards in place to protect medical data. Role-based access controls should be implemented by all health care organizations that need to access data, and they must be regularly reviewed and audited. Strong authentication mechanisms will help to ensure only authorized parties can access sensitive medical data.

Access control technologies will help organizations pinpoint all those who have accessed data that has been breached no matter what entity within the health care sector they work for. Given the number of entities that need to access medical information, all data being transmitted should be encrypted.

Monitoring Technologies Lock Down Medical Data

Monitoring technologies capable of capturing all user data across all networks and applications should be implemented, along with advanced analytics that sift through data feeds to uncover actionable intelligence. The system should provide real-time alerts for suspicious behavior so that action can be taken as quickly as possible. It should also record all data flows so that there is a trail that can be followed in the event of a data breach.
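The sketch below is an added example, not part of the original article: it combines a role check, an audit trail that records every access attempt, a lookup of who accessed breached records grouped by organization, and a simple bulk-access alert. The role map, organization names, user names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical role-to-permission map; a real deployment would load this from policy.
ROLE_PERMS = {"physician": {"read", "write"}, "pharmacist": {"read"}, "billing": set()}

AUDIT = []  # append-only trail: every attempt is recorded, allowed or not

def access(user, org, role, patient_id, action, when):
    """Apply the role check and record the attempt in the audit trail."""
    allowed = action in ROLE_PERMS.get(role, set())
    AUDIT.append({"ts": when, "user": user, "org": org, "role": role,
                  "patient": patient_id, "action": action, "allowed": allowed})
    return allowed

def who_accessed(breached_patients):
    """Group successful accesses to breached records by organization."""
    by_org = defaultdict(set)
    for e in AUDIT:
        if e["allowed"] and e["patient"] in breached_patients:
            by_org[e["org"]].add(e["user"])
    return {org: sorted(users) for org, users in by_org.items()}

def bulk_access_alerts(window=timedelta(minutes=10), max_patients=3):
    """Flag users who attempt more than max_patients distinct records within window."""
    per_user = defaultdict(list)
    for e in sorted(AUDIT, key=lambda e: e["ts"]):
        per_user[e["user"]].append(e)
    alerts = set()
    for user, events in per_user.items():
        for i, first in enumerate(events):
            seen = {e["patient"] for e in events[i:] if e["ts"] - first["ts"] <= window}
            if len(seen) > max_patients:
                alerts.add(user)
                break
    return sorted(alerts)

# Constructed sample activity (not real data).
t0 = datetime(2016, 3, 3, 9, 0)
access("dr_lee", "clinic-a", "physician", "P1", "read", t0)
access("rx_kim", "pharmacy-b", "pharmacist", "P1", "read", t0 + timedelta(minutes=5))
access("bill_jo", "insurer-c", "billing", "P1", "read", t0 + timedelta(minutes=6))
for n in range(2, 7):  # one account reading five more records in five minutes
    access("rx_kim", "pharmacy-b", "pharmacist", f"P{n}", "read", t0 + timedelta(minutes=5 + n))
```

Because denied attempts are logged alongside successful ones, the same trail supports both breach attribution and detection of probing by accounts whose role should not reach the data.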

Since medical data is so valuable to thieves and the potential damage to individuals is so great, it is vital that controls and safeguards are in place to ensure data is protected throughout the health care ecosystem. This will make it much easier to investigate which party was responsible for the breach and therefore which organization is responsible for notifying the individuals whose data has been exposed.

With the financial impact of a breach so high, it is important that the party responsible be quickly and accurately identified.

Read the complete IBM research report: Security trends in the healthcare industry
