The healthcare industry has taken a lot of heat on information security lately, both because of the number of mega breaches that have occurred and because its data is a favored target for criminals. Unfortunately for healthcare CEOs and CIOs, this trend is not going away any time soon.
A recent Trend Micro study on data breaches shows that the healthcare industry is responsible for more data breaches than any other sector in the past decade (due to missing devices and untrustworthy insiders).
The report also found that from January 2005 to April 2015 overall data breach causes were:
What’s even more concerning about breaches in the healthcare industry is that 60% of its breaches were due to lost devices (only 7% were caused by hacking). Insider leaks are also a big problem for healthcare organizations.
Criminals look to steal personally identifiable information (PII), health information, financial data and payment card data to sell or use for identity fraud. Healthcare data can contain all of that information, while financial or educational data might be limited in what they have on file. This makes healthcare data the biggest target for insiders and hackers.
Although the value of PII on the black market has dropped from $4 to $1, it is still a prime target because of what criminals can do with the information once they obtain it. Furthermore, health information and medical records are second only to passwords in value.
Given this information, it becomes quite obvious why the healthcare industry really needs to step up its information security game. With the number of solutions CIOs and CEOs can turn to in order to implement a holistic security posture, it’s concerning to see inaction. The sooner healthcare executives become proactive in their security measures, the sooner they can hope to avoid a breach crisis.
When was your latest security risk assessment, or what measures are you taking to keep eyes on your data assets?
Photo courtesy of Rafal Olechowski