Data breaches come in many forms, but healthcare data security has been in the limelight for quite some time now. One of the reasons for the drama being the recent episode with WannaCry ransomware, which paralyzed as many as 200,000 computers, including 48 hospital trusts in the U.K. and countless medical facilities in the U.S. The WannaCry malware attack exposed the cybersecurity flaws of healthcare organizations and raised serious doubts on medical data security.
Unlike other data breaches, where the stolen data may quickly become redundant, data from healthcare records include identities and medical histories. This data cannot be overwritten, like changing a password. According to the renowned consultancy firm Accenture, healthcare data exploitation resulting from poor security practices will affect 1 in 13 patients over the next couple of years. Also, one-fourth of every security breach may impact the healthcare sector, a research by the Brookings Institution warns. This clearly suggests one thing; that healthcare data security is quite vulnerable to data breaches.
“A patient’s healthcare record is a repository of valuable information which may include Social Security numbers, list of addresses and their health history – making them more desirable to hackers than any other form of data” concludes the research by the Brookings Institution.
The premium offered to cybercriminals for this data in the black market is all the incentive they need to target their malware on the vulnerable healthcare sector’s data storehouses. For instance, here is a sample of the minimum going price for the stolen personal data, in the online black markets-
The prices offered depends on the class of information auctioned. In Brazil alone, a list of personal phone numbers will attract anywhere between $300 and $1,900. A list of email account details can fetch a minimum of $163 in the Chinese darknet marketplaces. While work and private email addresses are usually sold for a minimum of $210 in the Russian dark web.
Another study exploring the extent of data breaches, tried to determine “How much is the personal data worth to that person? Health information and medical records came second, valued at an average of US$59.80, only next to passwords.
Apart from monetarily exploiting the medical records hacked, Cybercriminals use this data to damage a person’s reputation by committing identity theft or exposing personal matters to the public. Data security lapses have even led to the breaching of secure business accounts, enabling hackers to bring down a corporation’s entire network.
It is safe to say that the healthcare industry’s focus has sadly been on keeping up with the regulations as it moves to electronic record-keeping, rather than cybersecurity being given due diligence.
“The push toward a more integrated healthcare system has required medical data to be shared with different types of entities, resulting in even employees having access to patient records,” the study by Brookings Institution criticises. It is simple really, “Extended access to medical records increases the potential for privacy breaches.”
According to Lisa Gallagher, former VP of the Healthcare Information and Management Systems Society (HIMSS) in Chicago, “Enterprises with legacy systems are trying to connect to and integrate EHRs. Data security is not always considered as a part of that, and patching systems are always fraught with peril.”
With more healthcare institutions depending on the collection of personal data, be it online or directly, to provide superior services, cybercriminals will continue finding new ways to exploit vulnerabilities in the security systems. After all, technology is technology’s own enemy, right?
During times like this, there is certain apprehension in the minds of healthcare professionals and enthusiasts alike, in divulging information related to medicine. It seems that one can never know for sure if their healthcare data is secure. Rest assured, TacitKey is a closed, secure platform and content shared cannot be downloaded. Healthcare data security has always been our priority.
No doubt, healthcare providers and organizations have shown a brave face in the event of Data security breaches and exercised damage control measures to reduce the impact. They now have failsafe’s in place, such as “new integrated, preventive measures” to prevent data breaches and continue business operations.
The latest in Healthcare data security tech enables “zero client laptops”, making hard drives and local operating systems redundant. Data and support systems are now pushed to cloud-based systems. The result- cybercriminals have a reduced chance of getting a backdoor way in.
According to Ciaron Hoye, head of digital at NHS Birmingham, “switching to a cloud-based approach also pays dividends for patients: In addition to the security implications, another key benefit of moving healthcare applications to the cloud is the ability to break down silos between different departments.”
Making the switch to cloud also enables faster access to records by doctors. “This offers a far more joined-up service for patients,” he adds, “as they will see a reduction in time spent in and between appointments, with diagnostic information more readily available.” Patients can also get newer and more precise treatments.
Kaveh Safavi, senior managing director for Accenture’s global healthcare business, feels that blockchain technology could be the next best option at “fighting fire with fire”, so to speak. Healthcare security is going the bitcoin way — using a delocalized, peer-to-peer data storage technique to store sensitive data.
Technology is technology’s own enemy. No matter how advanced your cybersecurity protocols, all it takes is one employee clicking open one malicious email for hackers to open the floodgates to the entire organization’s network. The onus is on healthcare organizations to iterate that “security is everyone’s business”. Until that, can any data be really safe?