2015 has not been kind to the healthcare industry’s information security. A recent infoRiskToday article emphasised five massive data breaches and a record year for data loss in the healthcare industry. With Anthem’s stunning data breach, which affected over 78 million people, as the most prominent case, the past seven months have shown a rising data security problem in healthcare.
According to the federal tally of major health data breaches, over 100 million people have been affected by healthcare data breaches in 2015 ALONE – that’s over 30 percent of the U.S. population!
Why is healthcare being so heavily targeted today?
The Value of PHI is 10X Credit Card Information
Protected Health Information (PHI) has incredible value because it usually includes all of the information required for identity theft. Social Security numbers, birth dates, addresses, credit card numbers, telephone numbers, personal injuries, medical conditions and many more pieces of personal information are in PHI. This data is incredibly valuable on the black market and has spurred this large rise in healthcare data breaches.
But what puts an even larger value on PHI is the opportunity it provides companies. Businesses can leverage people’s medical information, such as diseases, conditions or medications, in order to market to potential consumers. It is a harsh and scary reality that organisations will be offered stolen PHI and will purchase it simply to increase their business.
A perfect example of this was at Rady Children’s Hospital in San Diego. After the hospital suffered a data breach, one mother filed a lawsuit saying that her daughter’s information was compromised. The daughter had been hospitalised with depression-like symptoms, and two weeks after the breach she started receiving mail asking her to participate in depression studies.
Current Data Security Problems in Healthcare
Anthem’s monumental 78 million-person data breach was caused by a compromised database administrator (DBA) account. A malicious outsider used the DBA’s user credentials. Once the account was hijacked, the malicious outsider’s access appeared normal, since the DBA had privileged access. 78 million stolen records later, this seemingly normal access was anything but! It is imperative that healthcare organisations step up their efforts in educating their users on data security best practices and safe actions.