Data Breaches Epidemic at Healthcare Orgs and Managed Service Providers
Posted July 30, 2015
Latest Studies Show Cybercriminals Heavily Targeting Healthcare Orgs and Managed Service Providers (MSPs)
Healthcare organizations store their patients’ Social Security numbers, insurance information, dates of birth, phone numbers, addresses, and more — data that’s as good as gold in the wrong hands. And there are a lot of wrong hands reaching for it. A recent Ponemon Institute study bears this out, stating that a majority of healthcare organizations have come under cyberattack.
In his article on mspmentor.net, Michael Brown reports on the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data which surveyed data breaches among 90 healthcare organizations and 88 associated businesses such as managed service providers, the companies healthcare organizations often turn to for storing and administering patient information. The following has been excerpted from Brown’s piece and edited to fit our format. You may find his complete article by clicking on this link.
In the past data was compromised through physical loss or theft
[The] majority of [healthcare] data breaches [used to be] the result of [lost or stolen] laptops, documents, desktop computers, and flash drives, which were most commonly stolen or lost from an office or personal vehicle.
Now, cyberattacks number one cause of data loss
This year’s study…reported…criminal attacks increasing more than 125 percent over the past five years. According to the study, “45 percent of reporting organizations say that the root cause of their breach was a criminal attack, and another twelve name a ‘malicious insider.’” Third parties like MSPs reported that 39 percent of data breaches were due to a criminal attack and ten percent to a “malicious insider.”
Security incidents were by-and-large the result of criminal activity for both third parties (83 percent) and healthcare organizations (78 percent). Most attacks were conducted via malware. Over the past two years, 87 percent of business associates and 65 percent of healthcare organizations had experienced a cyber attack, while 41 percent of BAs [business associates] and 54 percent of HOs [healthcare organizations] experienced a paper-based security attack.
Medical ID theft to cost industry $5.6 billion
Medical identity theft has increased by 22 percent over just the past year. Nearly 2.3 million Americans have been the victims of medical identity theft, which costs individuals an average of $13,500 to resolve. Experts predict that medical identity theft will cost the industry $5.6 billion in 2015.
MSPs and other 3rd party vendors cite lack of resources
The Ponemon study reveals that it is not only healthcare organizations, but also their third-party vendors that are under attack by cybercriminals. In fact, more BAs than healthcare organizations experienced electronic information-based security attacks over the past two years. Protecting patient information has become one of the core responsibilities of cloud-based MSPs.
Unfortunately, about 50 percent of third-party vendors and healthcare organizations cited a lack of funding and resources when it came to security, and nearly two-thirds do not provide assistance to victims of data breaches.