News Feature | December 22, 2014

Costs Of Healthcare Data Breaches Could Hit $5.6 Billion In 2015

Christine Kern

By Christine Kern, contributing writer

Data Security

The financial strain of data breaches will continue to plague the healthcare industry next year.

A report from Experian demonstrates the risk of high-profile data breaches is greater than ever and the threat is “persistent and growing,” particularly within the healthcare industry. The report further finds the potential costs to healthcare may reach $5.6 billion next year.

As Health IT Outcomes reported, it’s not hard to figure out why. Experts say hackers can profit more from medical data than credit card information – just another indication that protecting health data is more important than ever.

“The expanding number of access points to protected health information and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the healthcare industry a vulnerable and attractive target for cybercriminals,” the report states. “Several factors suggest the healthcare industry will continue to be plagued with data breach headlines in 2015.”

Further complicating the picture for healthcare is the fact that many doctor’s offices, clinics, and hospitals lack adequate resources to fend of attacks and safeguard patient information.

And healthcare data breaches can actually be more dangerous than financial ones as Health IT Outcomes notes. The HHS data reveals that healthcare breaches affect 1 of 10 Americans, or more than 37 million U.S. residents since 2009. And the theft of health information is profitable for hackers, who can get ten times the price of a credit card number for a health record.

Medical identity theft also remains a central threat as cyber-criminals look to capitalize on the bigger payout for PHI on the black market. According to industry reports, medical identity theft has now claimed more than 1.8 million victims, granting hackers the ability to gain medical services, procure drugs, and defraud private insurers and government benefit programs. This means that healthcare organizations must find ways to secure vast amounts of sensitive data stored on their networks, which combined with the value of a medical identity string makes them an attractive target for cyber-criminals.

The report also demonstrates security is still inadequate in healthcare when compared with other sectors, citing a memo from the FBI that was distributed to the industry, that explained, “The healthcare industry is not as resilient to cyber intrusions compared to financial and retail sectors, therefore the possibilities of increased cyber intrusions is likely.”

According to the report, the expanding number of access points to Protected Health Information (PHI) and other sensitive data via electronic medical records and the growing popularity of wearable technology leaves the healthcare industry particularly vulnerable to cyber-attacks.

Earlier this year, the FBI released a private notice to the healthcare industry warning providers that their cyber-security systems are lax compared to other sectors. Healthcare organizations will need to step up their security posture and data breach preparedness or possibly face sanctions from federal regulators in 2015.

But it’s not just outside threats that lead to breaches. The report also revealed that “Employees and negligence are the leading cause of security incidents but remain the least reported issue.” And former employees can also pose a danger, as Health IT Outcomes reports.