Hacking Nearly Doubled In 2015

By Katie Wike, contributing writer

2015 was indeed the Year of the Healthcare Hack as health IT experts predicted last March. At the time, they noted health information was more appealing to hackers than ever before as it could be sold for more on the black market than even credit card numbers.

Now, a Redspin report confirms that prediction, finding the majority of healthcare breaches in 2015 were due to hackers. In the past, breaches have been most often attributed to accidentally disclosed information by unknowing employees or lost devices. However, a year ago only a little more than half of healthcare data breaches were the result of hacking or IT incidents; in 2015, 98 percent of breaches were the result of hacking.

“Healthcare organizations are under attack,” said Daniel W. Berger, President of Redspin in a news release. “For those entrusted to protect patient data, the security challenges are now that much more difficult.”

EHR Intelligence reports that of the 154,368,781 patient files that have been compromised, 73 percent of all breached patient files have occurred within the past year and hacking is to blame for this huge leap.

The largest threat — phishing scams. These lure employees into situations where their login credentials could be leaked. Often, this occurs through email or inadvertent downloading of malware.

“Because phishing attacks exploit human vulnerabilities rather than technical, healthcare organizations must step up their security awareness education efforts for all employees,” Redspin explained. “They need to be better trained to recognize phishing schemes through social engineering testing and security awareness training. Policies may also need to be tightened.”

“Phishing attacks exploit natural human tendencies like curiosity and helpfulness, often with devastating consequences,” added Berger.