One in three Americans will have their healthcare records compromised by cyberattacks in the coming year, a new study predicts. This is a radical figure, one which follows on the heels of the Verizon report earlier this month, which indicated that half of Americans had their healthcare records compromised since 2009.
The IDC Study, Worldwide Healthcare 2016 Predictions, gives 10 predictions for healthcare along with their IT impact. As the IDC Health Insights team indicates in the report, the drivers influencing investment in healthcare IT are heavily influenced right now by security and the current impact of data breaches. Other drivers include mobile technology, 3rd platform technology to digitize healthcare, the movement towards personalized medicine and the need for new data sources and analytics.
IDC predicts that one in three individuals will have their healthcare records compromised by cyberattacks in 2016 alone, which doesn't paint a very bright immediate future for healthcare security. According to the most recent data, there have been 269 breaches accounted for in 2016 in healthcare (35% of all breaches) affecting over 121 million records (68% of breached records).
"Frankly, healthcare data is really valuable from a cyber criminal standpoint. It could be 5, 10 or even 50 times more valuable than other forms of data," said Lynne Dunbrack, research vice president for IDC's Health Insights.
With the increased digitization of healthcare data, data breaches in healthcare are more lucrative than ever before. Cybercriminals, when successful, have access to millions of records, as we’ve seen this year with Anthem and Premera. And yet to suggest that cyberattacks and cybercriminals are the cause of data breaches suggests a brute force attack, which these large breaches and many in the industry have proven to be erroneous.
As the Verizon report indicates, and this IDC study mentions, device loss/theft and human error are the top causes of most data breaches in healthcare. Even just basic education on awareness of phishing can go a long way to preventing data breaches. Coupled with education and awareness training, security policies and a defense-in-depth strategy of layered technologies can assist healthcare in preventing cyberattacks.
Layers of technology, which offer automated alerts of suspicious behaviour to identify and contain attacks or breached data, can go a long way to preventing a security incident from becoming a full-blown data breach. For example, if a device is lost, it compromises not only data but also network access and passwords which may be used in future cyber attacks. A proactive approach that can remotely lock down that device and delete data can help prove compliance and put a halt to future cyber attacks. Learn more at Absolute.com