breaches_cropped

1,217 PHI Breaches and Counting

Since October 2009, 1,217 breaches of unsecured protected health information (PHI), each affecting more than 500 individuals, have been reported to the Office for Civil Rights. These breaches have affected a total of 133,253,121 people. As smaller breaches do not need to be reported to the U.S. Department of Health and Human Services, the real number of PHI breaches is certainly much higher. For instance, the Identity Theft Resource Center (ITRC) has found that since 2005, breaches in the medical/healthcare industry have affected more than 156 million people.

The frequency with which hackers are targeting the healthcare industry is exploding. Cyber attacks on healthcare companies increased 72% between 2013 and 2014, and ransomware attacks (blocking system access until $$ is paid) soared 113%. Digital invasions into hospital data increased 600% in only 10 months in 2014, and during the first 4 months of 2015, more than one-third of all data security breaches tracked by ITRC came from medical/healthcare companies. 

This onslaught is fueled by the skyrocketing value of PHI on the black market. Earlier this year, one hacker was found selling a “value pack” of 10 people’s Medicare numbers for the equivalent of $4,700. The multiple avenues available to exploit PHI, combined with the extreme difficulty of preventing the misuse of medical information once its security has been breached, are why Eva Velasquez, president of the ITRC, refers to the healthcare industry as playing a game of Whack-A-Mole

Needless to say, most providers my colleagues and I have spoken with about data security are feeling overwhelmed, unsure of where their vulnerabilities lie, and sometimes completely lost as to what to do or who to go to for help.

In response, we have just launched into research for our perception study on data security and breach prevention that will help healthcare providers understand what tools and services their colleagues are using as well as which vendors are addressing the biggest technology security threats facing the healthcare industry.
Healthcare providers: What are the biggest data-security threats facing healthcare organizations?