Cyberthieves are increasingly turning their attention away from financial firms and targeting doctors and hospitals. Filching health care data proves lucrative to hackers – and costs the U.S. health care systems $6 billion annually, a study released Thursday (May 7) by security research firm Ponemon.
Such targeted, and criminal attacks against health care providers have more than doubled over the past five years, and the average data breach can cost a hospital $2.1 million. Close to 90 percent of respondents to the Ponemon survey were the victims of data breaches in the past two years, and nearly half of those breaches were criminal in nature. Criminal attacks are up 125 percent from five years ago and are supplanting lost laptops as the leading threat to patient privacy.
There’s a financial incentive for such brazen attempts to lure data away from practitioners, Bloomberg notes medical records, which often contain Social Security numbers, insurance IDs, addresses and medical details, sell for as much as 20 times the price of a stolen credit-card number, according to Dell SecureWorks, a unit of Dell. The numbers of records tapped this year are already in excess of 2014, a threshold crossed once hackers accessed almost 80 million records from Anthem and 11 million from the health insurer Premera Blue Cross.
Thieves can use that information to take out a loan or open up a line of credit in the victim’s name, or for medical identity theft, where the victim’s insurance ID is used by an impostor seeking free medical care, Bloomberg reports.
Roughly half of health care organizations surveyed by Ponemon said they didn’t have sufficient technology to prevent or even quickly detect a breach. Nor did that have relevant personnel with the necessary technical expertise in place.
“The organizations are getting better, but it is a slow-moving train,” Larry Ponemon, chairman of the Ponemon Institute, told Bloomberg. He said many firms are moving from paper-based to automated systems, a transition that makes them “very vulnerable to criminal attacks.”