Not only are data breaches in the healthcare sector becoming more frequent, they are also affecting a larger number of people than ever before.
5 of the 8 largest health data breaches reported since the beginning of 2010 took place during the 2015 calendar year.
Hackers are turning to the healthcare sector because patient medical records contain more personal information and carry more value than a social security number or credit card number.
IT and healthcare
In fact, experts estimate the value of an individual stolen medical record to be at least $60 because elements of the data making up a medical record — such as someone’s legal name, social security number, or birthday — aren’t easily changed.
It isn’t just patients that are affected by these breaches.
According to the Sixth Annual Benchmark Study on privacy & security of healthcare data by the Ponemon Institute, data breaches could be costing the healthcare industry an estimated $6.2 billion per year.
Healthcare systems and hospital databases have become increasingly appealing to cybercriminals trying to gain access to personal information, as they tend to be outdated and complex.
Oftentimes, these legacy systems are not secure enough to withstand malware breaches, nor do they meet the growing needs of modern business.
Complacency and compliance
Healthcare organisations continue to use antiquated approaches to data security. According to a survey conducted by Sophos, healthcare IT decision-makers are surprisingly negligent in their approach to protecting sensitive patient data.
The survey revealed that the healthcare industry had one of the lowest rates of data encryption, with only 31% of the healthcare organisations surveyed using data encryption extensively to protect sensitive information.
Even more surprising, a whopping 20% of healthcare organisations surveyed reported not using any encryption at all.
Additionally, a 2016 study of hospital cybersecurity found that patient health records remain “extremely vulnerable,” because the industry lacks an understanding of cybersecurity as well as the resources to combat it.
According to the study, the healthcare industry exhibits a “lack of executive support, insufficient talent, improper implementations of technology, outdated understanding of adversaries, lack of leadership, and a misguided reliance upon compliance”.
Compliance with government regulations is threatening healthcare security, as well.
A number of regulatory statutes have emerged that are meant to protect healthcare operations and, under HIPAA rules, hospitals, health insurance companies, clinics, nursing homes and pharmacies must comply with requirements to protect the privacy and security of health information.
Unfortunately, these regulations are proving to be ineffective, and penalties tend to desensitise the security process instead of rewarding proactive organisations.
Solutions for healthcare providers
Healthcare organisations struggling to adhere to government requirements like HIPAA and the Affordable Care Act have put digital records in place but, due to a lack of resources (and oftentimes funds), they are failing their patients and themselves when it comes to digital security. There are a number of ways to mitigate these issues.
Bolstering the internal IT department is one option.
Training an internal team to monitor and improve IT surrounding the organisation’s security, record-keeping and other digital assets is a good place to start.
Once in place, the team may determine that certain upgrades need to be made. For instance, outdated legacy applications may need to be rewritten to improve particular aspects of security or data collection.
Alternatively, seeking a third-party partner to examine and correct flaws within the IT systems may be necessary.
This option is typically more cost-intensive up front, but usually solves the core issue faster so that the organisation can move on with a modernised system. Choosing a partner to update legacy systems is not easy, but there are roadmaps available for organisations looking to get started.
Finally, a combination of training internal teams and partnering with a third-party vendor may be the best option for some organisations.
Understanding the issues that need to be fixed and then dividing and conquering to fix them — in order of importance and necessity — has been a positive approach for companies across many verticals.
The future of healthcare IT systems
As technology pushes the world into a progressively digital landscape, healthcare IT systems need to be ready in order to effectively protect patients’ medical records.
Digitising just enough to meet government requirements without a full security plan is no longer an effective option, and the risks posed have already proven detrimental to many organisations.
Breaches in healthcare data are not only expensive but extremely dangerous.
Updating IT systems provides the only head-on solution for slowing or eliminating these types of breaches.
In order for healthcare organisations to combat “the year of the healthcare breach,” they will need to find effective solutions to outdated IT systems.
Sourced by Neil Hartley, director of U.S. operations for Morphis