Data breaches are a huge problem in healthcare. For the companies tasked with protecting patient data, the fines are steep, and the reputational damage can be severe. All that is added on to the cost incident recovery and security enhancements that inevitably follow.
For the patients affected by privacy breaches, protected health information (PHI) theft can be disastrous. Cybercriminals sell medical and financial records on the dark web to buyers who plan to use the information for identity theft and fraud.
In fact, it was the sale of PHI on the dark web that tipped off a medical collections agency, which discovered it fell victim of one of 2019’s largest hacking incidents. At 20 million compromised healthcare records, this breach stood out in terms of scale, but it joined the ranks of an overwhelming number of known attacks. According to data from the Protenus Breach Barometer, attacks occurred at a frequency of about one per day through the first half of 2019.
Per the Protenus report, 60% of the attacks recorded were the result of hacking activity (like the medical collections agency’s breach). Some 3 million records, however, were compromised at the hands of insiders.
The troubling issue there is that insider threats can be even more difficult to detect. Hospitals and other medical systems have to make legitimate healthcare data access quick and easy, as this access can literally be a matter of life and death. But it can be difficult, within these environments, to detect incidents of improper or suspect data access.
Apart from massive outliers, such as the 78 million-record Anthem breach in 2015, the number of breached records keeps moving upward. After only six months, the tally for 2019 had doubled that of 2018 in its entirety. Healthcare companies clearly need to take action to stem the tide and put a stop to this alarming trend.
Lunarline offers healthcare-focused training and solutions, along with a range of cutting-edge products designed to bolster your defenses against any kind of security or privacy threat, whether it’s an insider mishandling records or a hacker gunning for your databases.
To learn more about how we can help your business, contact us today.