Criminal attacks have become the leading cause of healthcare data breaches, according to the Traverse City, Mich.-based Ponemon Institute. It is the first time in the five-year history of Ponemon’s annual survey of privacy and security of healthcare data that malicious activity, not negligence or technology glitches, was the No. 1 threat; in fact, Ponemon found that criminal attacks on healthcare entities have increased by 125 percent since 2010.
“2015 really, unfortunately, has become the year of the healthcare data breach,” Rick Kam, president and co-founder of breach response firm ID Experts, which sponsored the study, said in a conference call with reporters. “The criminal element has realized that there is more value in patient data than there is in a financial record.”
Nearly 45 percent of overall healthcare data breaches now result from criminal attacks, the report indicated. Some 78 percent of healthcare organizations and 82 percent of their business associates suffered malware attacks over the Internet, according to the Ponemon Institute. This marks the first year that the Ponemon report looked at business associates as well as covered entities, as defined by HIPAA.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
Data breaches now cost the healthcare industry $6 billion annually, said the report, which the Ponemon Institute issued Thursday. Each stolen medical record might be worth $60-$70 on the black market, while financial records might only fetch a dollar, Kam said, citing FBI data.
“It seems like it’s an epidemic in terms of the loss or theft of information,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “It’s a big deal.”
Ponemon said that criminals are starting to realize that a medical record can give them access to individual Social Security numbers and credit card numbers, as well as an opportunity to defraud Medicare or Medicaid.
“The bad guys find value in the information that they can retrieve from hospitals. And guess what? Hospitals, healthcare organizations and business associates may not have the proper security controls in place to even detect some of these criminal or nefarious activities,” Ponemon said. Just 40 percent of healthcare organizations and 35 percent of business associates demonstrated that they were concerned about malicious attacks, according to the report.
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
“It just seems like healthcare is lagging on implementing sophisticated security procedures,” Ponemon added. However, that may be changing in the wake of high-profile hacks against health insurers Anthem and Premera Blue Cross, incidents traced to the Chinese government.
