Cyber criminal organizations are increasingly targeting the health care industry. The combination of limited IT security budgets, older operating systems and high-value information makes health care the low-hanging fruit for hackers.
According to a study by the Ponemon Institute, the average cost to a hospital of a data breach is $2.1 million. The US health care industry has lost over $6 billion to cyber criminals going after medical records. In late 2015 and early 2016, more than 113 million patient records were stolen, making this type of cyber crime big business.
Why are medical records targeted? On the black market, medical records are 20 times more valuable than credit card information stolen from financial institutions. Medical records contain a patient's complete identity, including Social Security numbers, insurance ID numbers, birth certificates, death certificates, names, addresses and more. Criminals can build identities with this information to take out loans, get insurance policies, buy drugs and more.
Beyond being lucrative, health care IT systems are easy targets. Electronic Health Record systems have been growing in popularity and are tied into the computers that doctors and nurses use to record patient data during appointments or throughout a hospital stay. These expensive systems are also tied into other electronic medical equipment, making system updates slow and expensive to deploy. As a result, the operating systems in many health care IT systems are slower to migrate to the latest, more secure versions.
Another twist on the theft of records is a relatively new phenomenon called ransomware. The attacker inserts code into a hospital's network that renders the entire system inoperable, then demands a ransom for returning the system to useful operation. This is a relatively simple operation that can be perpetrated from anywhere in the world.
While anything connected to a network is vulnerable, the technology is available to make this crime much more difficult. Updating systems, increasing IT security budgets, diligent employee training and deploying multiple layers of cyber threat protection can help protect the confidentiality of patient records. Cybersecurity diligence can save the industry millions of dollars and help restore patients' confidence that their personal information is secure.