The bad guys are more than willing to invest their time and knowledge into attacking medical data. But healthcare organizations are not particularly willing to try to defend it.
According to a study released in September, 2015, by Raytheon and Websense, healthcare institutions are much more likely to undergo data theft than any other sector. Moreover, they already experience 3.4 times as many security incidents.
What causes the popularity with attackers?
On the black market, medical records are highly desirable since they are a treasure trove of insurance numbers, financial information, and personally identifiable information (PII).
And why the lethargy among medical staff with respect to medical records?
Patient care takes a huge priority over record protection.
Further, and according to the Raytheon Websense report, security solutions frequently do not monitor hospital network traffic since improperly configured security measures may dramatically increase risks to the wellbeing of patients.
And, other than in the industry of stock trading, there’s no other industry where one has to err quite to the same degree on the side of openness.
The end result being, attackers invest a wealth of time in stealing medical records, while healthcare institutions don’t know how to effectively protect them.
Again, according to Raytheon Websense, on average, a healthcare organization spends merely three percent of their IT budget on security. HIMSS recommends they invest at least 10 percent.
Malicious Insiders
While outsider internet attackers bombard healthcare organizations with malware, there are also malicious insiders to be concerned about. With respect to a recent report released by Trend Micro, there’s a larger insider leak problem in healthcare than in any other sector.
The primary source of cases of identity theft were insider leaks (44.2 percent), while healthcare as a whole was hit harder than any other sector for identity theft, accounting for almost 30 percent of cases.
Another report by Bitsight, claimed that healthcare was second worst on the list of industry performers with respect to data security, the worst being education. Trend Micro said that some 26.9 percent of data breaches which were reported over the past decade were from the healthcare sector.
A huge contributor to the problem is that of complexity. Data and computing resources are shared across many labs, imaging centers, hospitals, and pharmacies, and those are all in multiple locations.
Nevertheless, there is a little bit of optimism. IT leaders within the healthcare organization have been asking their CEOs for funding to put towards cybersecurity. And although until recently, that request was to little avail, after the recent Anthem breach, things are changing.
For more information on how to protect your company from cyber theft, visit http://www.huffingtonpost.com/shane-paul-neil/big-data-bigger-breaches-_b_6109928.html
MonumentCapital
