If you think data breaches affect corporate spaces only, think again. With the increase in digitization, the availability of personal information in the virtual space has also increased, and the healthcare segment is its latest victim. In the year 2018, the number of breached healthcare data records almost tripled! This translated to the compromise of nearly 15 million patient records. So does that mean that your records at your physician or hospital are at risk? Find out more in the ensuing sections as we take you through the top causes of healthcare data breaches.
How the Healthcare Sector Is Opening Its Arms to Technology
Healthcare is one of the newer domains affected and uplifted by the technology wave. Apart from the ingress of AI and IoT into medical devices, automation and cloud computing are the other major developments.
Use of Automation in the Healthcare Industry
Most healthcare providers in the country have adopted automation and data mining to digitize health records and enhance their consistency. Automation is currently playing a multi-faceted role in improving record keeping and the overall services rendered to patients.
The in-built quality control mechanisms have critically reduced the errors that healthcare records were formerly steeped in. In fact, the continuous feedback loops from automated data mining are increasingly being used to optimize and enhance healthcare services and management. Automation also solves the challenges faced by patients, healthcare providers, and customers by aiding in the development of innovative products and services.
Use of Cloud Computing in the Healthcare Industry
The healthcare industry is taking its operations to the cloud with the proliferating use of cloud computing. The cloud has made data storage, optimization, and management easier, thus benefiting both the providers and the beneficiaries of the healthcare industry. Healthcare providers are thus able to offer exceptional care to patients in an economical environment.
Cloud computing enables doctors to seamlessly access and analyze patient data and medical history to provide them with better care and diagnosis. Furthermore, healthcare professionals across the globe can use the cloud as a knowledge sharing platform. This furthers the holistic improvement of the healthcare protocols used globally.
The Epicenter of the Healthcare Data Breaches
Amidst all the frenzy of data breaches affecting corporates, this figure might throw you off guard momentarily. In 2018, data breaches affected the healthcare segment most severely, with the segment subjected to 70% of the total data breaches.
According to a recent study, the largest number of data breaches occurred at physicians' offices and hospitals. However, healthcare plans are responsible for the largest number of stolen patient records over the last seven years!
It's true that centralized databases offer a huge reserve of resources and records for health researchers. On the other hand, they also expose a colossal amount of personal data to the possibility of misuse and data breaches.
What Endangers Healthcare Data?
So now the question arises: why does your healthcare data interest a hacker or a perpetrator? Well, for starters, an individual's healthcare data contains his/her personal data such as name, address, and number. And the jackpot is the financial data that is more often than not embedded in a person's healthcare records!
A miscreant can use this information to create a duplicate credit card account, or sell it on the dark web! Unfortunately, the healthcare segment has emerged as a softer target for cyber criminals due to its increasing adoption of digital records.
Top Causes of Healthcare Data Breaches
Hacking impacted nearly 11.3 million patient records in 2018 – a threefold increase over the 3.4 million compromised in 2017. Wish to know the publicly released figures? Nearly 15,085,302 medical records were stolen in 2018 versus 5,579,438 in 2017.
Does that concern you? Here are the top causes of healthcare data breaches.
1. Human Error
Where humans are involved, errors are inevitable. Healthcare offices are a hub of science, technology, and bureaucracy. Sadly, unintentional human errors are often responsible for a third of healthcare data breaches. The usual errors encompass incorrect delivery, disposal error, physical loss, publishing error, omission, misconfiguration, and data entry and programming errors.
Interestingly, one cannot blame technology exclusively. Studies show that physical documents top the charts when it comes to security issues pertaining to human errors.
A recent study by Johns Hopkins University and Michigan State University demonstrated that internal unauthorized access or disclosure caused a quarter of healthcare data breaches. This is more than double the breaches caused by external hacking. Insiders were responsible for a third of healthcare data breaches in 2018. Out of this, 67% of the insider breaches were due to interfering family members, and 16% due to prying co-workers.
Example: Such forms of insider data breaches are usually a result of ‘privilege abuse’. For instance, a diagnostic technician receives access to a patient’s data for data entry. He/she may later misuse the privilege to pry on patients.
‘Possession abuse’ has similar connotations, except that it involves misuse of the information contained in a physical asset/document.
3. Physical Theft
A study revealed that 95% of ‘physical’ security incidents resulted from theft. Laptops are the hot favorites of miscreants as they store a host of personal and confidential information. In fact, laptops and documents jointly account for 75% of security incidents involving theft.
Next time you carelessly chuck your laptop inside your car, you may want to exercise more caution. This is because 47% of the time, a laptop is stolen from a car!
Hacking is the act of gaining unauthorized access to a system or device. In the case of healthcare data breaches, a hacker usually prefers stealing personal credentials to breaking into the entire system/network. However, 1 in 5 security incidents is a result of brute-force attacks, i.e., the act of methodically attempting to guess credentials.
Remember the infamous ransomware attack on the UK’s National Health Service? It cost the organization nearly £100m and disrupted its healthcare chain for weeks. The encryption of systems connected to the NHS rendered them unusable, thus adversely affecting patient care.
As per a recent study on healthcare data breaches, more than 70% of malware-related security breaches resulted from ransomware. Want to know the favorite targets of malware attacks? These include servers, desktops, and databases.
ARDC – For Advanced Research in Cyber Security and Digital Forensics
The Center for Advanced Research in Digital Forensics and Cyber Security (ARDC) provides training and certification on ethical hacking and a host of other digital forensics courses. ARDC also provides cybersecurity training and awareness to Law Enforcement Agencies, corporates, and educational institutions.