Report: Criminal activity now the No. 1 cause of health data breaches

Criminal attacks have become the leading cause of healthcare data breaches, according to the Traverse City, Mich.-based Ponemon Institute. It is the first time in the five-year history of Ponemon’s annual survey of privacy and security of healthcare data that malicious activity, not negligence or technology glitches, was the No. 1 threat; in fact, Ponemon […]

Criminal attacks have become the leading cause of healthcare data breaches, according to the Traverse City, Mich.-based Ponemon Institute. It is the first time in the five-year history of Ponemon’s annual survey of privacy and security of healthcare data that malicious activity, not negligence or technology glitches, was the No. 1 threat; in fact, Ponemon found that criminal attacks on healthcare entities have increased by 125 percent since 2010.

“2015 really, unfortunately, has become the year of the healthcare data breach,” Rick Kam, president and co-founder of breach response firm ID Experts, which sponsored the study, said in a conference call with reporters. “The criminal element has realized that there is more value in patient data than there is in a financial record.”

Nearly 45 percent of overall healthcare data breaches now result from criminal attacks, the report indicated. Some 78 percent of healthcare organizations and 82 percent of their business associates suffered malware attacks over the Internet, according to the Ponemon Institute. This marks the first year that the Ponemon report looked at business associates as well as covered entities, as defined by HIPAA.

Data breaches now cost the healthcare industry $6 billion annually, said the report, which the Ponemon Institute issued Thursday. Each stolen medical record might be worth $60-$70 on the black market, while financial records might only fetch a dollar, Kam said, citing FBI data.

“It seems like it’s an epidemic in terms of the loss or theft of information,” said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. “It’s a big deal.”

Ponemon said that criminals are starting to realize that a medical record can give them access to individual Social Security numbers and credit card numbers, as well as an opportunity to defraud Medicare or Medicaid.

“The bad guys find value in the information that they can retrieve from hospitals. And guess what? Hospitals, healthcare organizations and business associates may not have the proper security controls in place to even detect some of these criminal or nefarious activities,” Ponemon said. Just 40 percent of healthcare organizations and 35 percent of business associates demonstrated that they were concerned about malicious attacks, according to the report.

Sponsored Post

Physician Targeting Using Real-time Data: How PurpleLab’s Alerts Can Help

By leveraging real-time data that offers unprecedented insights into physician behavior and patient outcomes, companies can gain a competitive advantage with prescribers. PurpleLab®, a healthcare analytics platform with one of the largest medical and pharmaceutical claims databases in the United States, recently announced the launch of Alerts which translates complex information into actionable insights, empowering companies to identify the right physicians to target, determine the most effective marketing strategies and ultimately improve patient care.

“It just seems like healthcare is lagging on implementing sophisticated security procedures,” Ponemon added. However, that may be changing in the wake of high-profile hacks against health insurers Anthem and Premera Blue Cross, incidents traced to the Chinese government.