While many industry sectors completed their digital transition slowly, the healthcare sector changed rapidly and often with little preparation, leaving crucial computer networks open to hackers.
Just 9.4% of hospitals used electronic health records (EHRs) in 2008, but six years later, 75.5% of facilities had adopted at least a basic EHR system, the Office of the National Coordinator for Health Information Technology reported in 2015.
Data is vital for healthcare informatics professionals and others seeking to enhance care and control costs. It’s also highly valued by cyber criminals who steal patients’ identities to barter on the dark web and black market, and to demand ransoms from medical providers.
In 2015, health insurance company Anthem was hacked, exposing the personal information of 79 million customers. The company agreed to pay $115 million to settle class-action lawsuits over the breach.
From late 2009 through 2015, about 155 million U.S. patients were affected by nearly 1,500 data breaches, according to a 2016 report by the Center for Technology Innovation at Brookings.
The report highlighted several contributing factors:
- Healthcare data is more valuable to hackers because it contains Social Security numbers, addresses and medical information
- Data is shared among entities, raising the risk of breaches
- Information is stored for many years because of legal requirements, and the possibility of a breach increases over time
- Government programs resulted in healthcare organizations using EHR systems without adequate security
- Healthcare providers had little incentive to invest in privacy safeguards as breaches historically had minimal impact on their revenue
- The Health Insurance Portability and Accountability Act (HIPAA) requires protection of healthcare data but is outdated and doesn’t provide specific guidelines
Cyber attacks will affect 1 in 13 patients and cost U.S. health systems $305 billion from 2015 to 2019, according to Accenture. About 25% of those affected by healthcare data breaches will become identity theft victims and 16% will have to pay out-of-pocket costs, the global technology services firm forecast in 2015.
Although healthcare leaders can boost their organization’s ability to defend against hackers by an average of 53% by implementing cybersecurity measures, such preparation is lacking, Accenture noted. That leaves an opening for hackers to lock down critical network systems in exchange for ransom, a vulnerability with potentially life-or-death consequences for patients.
The Brookings report offered recommendations for bolstering the security of patient data and healthcare systems, including:
- Prioritize patient privacy by investing in innovative security technologies
- Share information with other healthcare organizations to develop security strategies and protocols across the patient care spectrum
- Purchase cyber insurance, giving insurers access to audit and monitor privacy protection systems