We recently discussed why healthcare data is so valuable; healthcare records can go for at least 10 times as much as credit card data on the black market. According to a Forrester Report, Stolen and Lost Devices are Putting Personal Healthcare at Risk, a single health record can be sold on the black market for $20, while a complete patient dossier (including driver’s license, health insurance information and other sensitive information) can fetch over $500.
The high price of healthcare records on the market is attracting thieves, who are exploiting any vulnerability they can find, be it an unpatched system or an insecure endpoint device. An editorial on ID Experts recently explored some of the reasons why healthcare organizations are increasingly targeted for data theft:
- Healthcare records are more valuable, going for as much as 10 times that of credit card data
- Retail and financial industries are building up better defences, after years of being the primary target. Healthcare systems may be out of date
- Stolen healthcare information is harder to detect than fraud in the financial sector, so breaches can go undetected for a long time (longer breaches, longer use of breached data)
- There are many ways that stolen healthcare records can be used, many of which do not trigger suspicious activity right away
- More healthcare data is being collected than ever before
Boston University health policy professor Alan Sager recently noted, "The ability of health care companies to compile data has grown far faster than their ability to protect it.” 90% of healthcare organizations reported at least one data breach in the past 2 years and 38% reported more than five. The cost of healthcare data breaches could hit $5.6 billion in 2015, including such costs as compliance fines, lawsuits, as well as the costs associated with data breach notification and loss of consumer trust.
The Price of a Healthcare Data Breach
The average cost of a data breach is higher in healthcare than in any other industry, up now to $5.9 million per breach. If your organization can’t handle this cost, we’d like to help.
6 Steps to Avoid a Healthcare Data Breach
- Encrypt PHI stored on portable devices including laptops, tablets, and smartphones
- Choose a persistent endpoint security and management solution that will allow you to maintain a connection with a device regardless of user or location
- Run status reports to prove encryption solutions were in place and properly working during and after an endpoint security incident (this is an important step to satisfy the rules set by the HHS Office for Civil Rights)
- Use security software that allows you to perform remote actions on an endpoint such as data delete, data retrieval, device freeze, and forensic investigations
- Review and update HIPAA privacy and security policies so you’re up to date with regulatory compliance requirements
- Learn from peer organizations that have experienced a data breach (like this Anthem breach) and make necessary adjustments to ensure you don’t suffer the same fat
Learn more here.