Healthcare News & Insights

Data breaches expected to get worse before they get better

Think the healthcare industry is getting a handle on data breaches because of all of its sophisticated technology and protection plans? 166738231It’s true, the industry has gotten more technologically savvy when it comes to protecting patients’ healthcare data. However, so have thieves and the way they access data.

So while the industry has improved, the number of people experiencing identity theft has skyrocketed. In fact, in 2003 only 5 million people fell victim to identity theft. But in 2012, that number increased to 12.5 million.

Why the huge jump?

Rick Kam, president and co-founder of ID experts in Portand, OR, told the American Medical News (AMN) the increase was due to two reasons:

  1. The type of data being stolen has changed. No longer are criminals going after personal identifiable information. Now they are targeting personal health information because of the value it holds and the ease with which thieves can get to it, and
  2. Previously, the majority of data breaches were from human error — someone lost a laptop or paper records were improperly disposed. Today, a growing number of breaches are from hackers and cyber criminals.

“These criminals essentially are finding ways into those systems to go after very specific pieces of data, and using that data to create bigger frauds,” Kam told AMN.

Studies have found that on the black market, the average value of a medical record is $50. Add to that another study which found that 94% of healthcare organizations surveyed had at least one breach in the past two years, and you’ll see medical records theft is a very profitable business.

Easy access

While mobile technology makes sharing and accessing medical records a lot easier for healthcare providers, it also makes it easier for thieves.

Patients’ medical data can now be found in multiple locations, including unsecured smartphones, laptops and tablets. So thieves have plenty of places to look, no matter what type of thief they are: device stealer, outside hacker or someone who uses employees to access patient information.

And from what the experts say, it’s only going to get worse and the breaches more severe before it starts getting better. And there’s a new potential source of breaches: statewide health information exchanges funded under the Health Information Technology for Economic and Clinical Health Act. Many of them don’t have the funds to secure their data from all the existing targets.

Action steps

Investing in technology to protect data is a good thing, but experts warn that healthcare organizations shouldn’t rely on it as their sole protection.

Hospitals need to do three things to increase the protection of their data:

  1. Learn how to use the technology properly. People who “sort of” know how to do things can put your facility at risk.
  2. Train employees to be better protectors of the data, and that includes informing them of the consequences if security policies aren’t followed, and
  3. Pay more attention to the training of your business associates, such as carriers and vendors. According to Kam, there are 3 million business associates compared to 500,000 covered entities.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.