Thanks to our friends at Alert Logic for sharing this article.
Many industries have unique characteristics that make them attractive data breach targets. Financial services organizations manage money, media sites can deliver hacker’s messages to a wide audience, and government departments have confidential information of interest to other states. Like these and other industries, healthcare is an attractive target in its own right.
Here we suggest three reasons that make the healthcare industry a unique target. Some are very US-specific given the nature of the healthcare system here. We’re sure there are others. If you have ideas, let us know using the Comments box below.
1. Healthcare clouds hold sensitive information
Like other industries, healthcare organizations hold vast amounts of highly confidential personal and financial data. What’s different from many other industries though is that medical data theft is often not immediately identified and that gives hackers more time to milk credentials. Part of that is because, at least here the US, the healthcare system is so fragmented that it makes it easier to use one set of stolen credentials and medical records to create another. Another reason is that for consumers, it may not be as easy to access your medical records as it is to look up your credit card statement online.
2. Electronic Medical Records (EMR) are more valuable than other data
Studies show hacked medical records being worth somewhere between US$50 and $250, much more than credit cards or other data. Again, there are several reasons for the greater value. To the right customer, being able to assume someone else’s identify and their insurance could mean getting necessary treatment for essentially free. Hacked health records can also be used in creative ways, for example to create fake IDs to buy medical equipment or drugs that can be resold or to file made-up claims with insurers.
3. The security landscape is changing with healthcare clouds
In addition to continually emerging threats, healthcare companies are offering doctors, nurses and consumers new ways to engage, for example, replacing staff pagers with smartphones and tablets. For consumers, mobile applications to make appointments, order prescriptions and make payments are new. And for healthcare organizations themselves, adopting technology like Electronic Health Records (EHRs) and participation in organizations like Accountable Care Organizations (ACOs) or Health Information Exchanges (HIEs) all translates to more entry points that need to be secured. The Ponemon Institute does an annual report on Patient Privacy and Data Security that has some interesting observations in this area.
So what do you do if you’re part of a healthcare organization and want to manage data security? Our advice is the same for cloud computing in healhtcare as what we give to individuals in other industries… include security in the conversation as you adopt EHRs and other technology, understand your risks, and have people to mitigate those risks or work with trusted partners who can help you keep the information in your healthcare cloud safe and secure.
By Alert Logic