The health care industry’s security system isapparently in need of major repair.

|

Two reports surfaced recently offering evidence of cybersecurityissues in the industry. While one report notes stolen health care information isn’t nearly asvaluable on the black market as is financial industry data, thievescan still get key personal information by breaching a health caredatabase.

|

Perhaps the more alarming of the two reports was issued bySecurityScorecard, a provider of security risk information. Thecompany summarized its findings in its 2016 Healthcare Industry Cybersecurity Reportthis way: “Security breaches in this industry pose devastatingconsequences because they can render an entire system or networkinoperable, creating a life or death situation that needs immediateattention.”

|

Ouch!

|

How bad is the industry’s security network? SecurityScorecardrates its system almost at the bottom of 18 different industrysegments for adequacy of social engineering, the barometer forwhether a security system has been developed to prevent breaches.Only hacking and malware lead to more breaches than socialengineering — and it appears less attention is being paid to socialengineering as a cyberthreat.

|

The report says there has been 22 “major public [data] breaches”in the health care field since August 2015. Not only have thesebreaches put confidential patient information at risk, but theyhave resulted in litigation against the breachedorganizations.

|

Key findings from the SecurityScoreboard report include:

  • More than three-quarters of health care industry providers havebeen hit with a malware attack in the last year

  • Medical treatment centers were a favored target of ransomware,with 96 percent of those organizations reporting a ransomwareincident;

  • Nine in 10 health care manufacturers reported a malwareinfection;

  • Health care ranked fifth among the industries studied in thenumber of ransomware incidents;

  • Over half of the health care industry got a grade of C or loweron SecurityScorecard’s Network Security ranking.

The second report, by Intel’s McAfee Labs division, attempts toplace a value on stolen health care information.

|

The report says basic individual health data isn’t worth much onthe street — anywhere from a fraction of a cent for data byte to acouple bucks and change. But what the thieves are mostly doing isphishing in the health care data base waters for more valuabledata, like social security numbers, account numbers andbirthdates.

|

Those are far more valuable, and the hackers simply find healthcare data bases easier to penetrate than financial institutionsystems.

|

Alex Heid, chief research officer for SecurityScorecard, toldMcClatchyDC that hospitals are especially good targets for datathieves because of their generally poorly constructed systems.

|

“Hospitals have a lot of data that is similar to the financialsector: Social Security numbers, account numbers and credit cardnumbers,” Heid says. “People can use compromised health carerecords for Medicare fraud.”

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Dan Cook

Dan Cook is a journalist and communications consultant based in Portland, OR. During his journalism career he has been a reporter and editor for a variety of media companies, including American Lawyer Media, BusinessWeek, Newhouse Newspapers, Knight-Ridder, Time Inc., and Reuters. He specializes in health care and insurance related coverage for BenefitsPRO.