Loading...

Check-In on Industry Predictions: Healthcare Breaches

Published: November 2, 2016 by Guest Contributor

Late last year, our Third Annual Data Breach Industry Forecast predicted cybercriminals would continue to focus their attacks on healthcare institutions, inspired by the knowledge that the black market value of medical records continues to surpass the value of credit card numbers. Industry experts we interviewed also predicted employee missteps would be a source of healthcare breaches.

Entering the final quarter of 2016, our prediction is playing out in the numbers; nearly half of all consumers affected by a data breach so far this year had their personal information exposed through a healthcare-related incident, according toinformation compiled by the Identity Theft Resource Center.

In the first three quarters of the year, 256 medical and healthcare data breaches exposed more than 13.5 million records, the highest number of any sector the ITRC tracks. Records compromised in a healthcare breach accounted for 47.2 percent of all affected records in 2016.

The healthcare sector has been a hotbed of attacks throughout the year, largely due to the continued value of medical records sold on the dark web. These records can be used for far more than just filing fraudulent medical claims. One lucrative use is filing fraudulent tax returns.CNBC reportedthe IRS expects, and has been bracing for, an increase in tax fraud linked to the high number of medical breaches this year.

It’s easy to understand why medical records can be so profitable for hackers. While financial accounts such as credit cards may contain a limited amount of personal information, medical records are much more comprehensive. Typically, they contain a wealth of information far beyond mere account numbers. In addition to names, addresses and birth dates, medical records often contain Social Security numbers, which healthcare providers may use as patient identifiers.

The employee factor

Many of the mega-breaches of 2015 occurred through digital routes that the average consumer would find downright arcane. In 2016, we’ve seen an increase in smaller attacks with mundane origins such as stolen hardware, poorly secured employee email accounts or phishing attacks. Consider these examples reported in the HIPAA Journal:

For healthcare institutions, the takeaway from 2016 should be the need to remain vigilant and proactive regarding the many ways in which data breaches can occur. While 2015 was the year of healthcare mega-breaches, 2016 has seen the emergence of smaller breaches that still have the potential to cause significant harm to organizations and patients.

Related Posts

Review of Findings & Front-line Insights Panel Participants: About NetDiligence Cyber Claims Study It is NetDiligence’s 13th year of...

Published: February 12, 2024 by Michael Bruemmer

Ryan Coyne recently participated in a panel with industry experts, delving into third-party cyber risks and mitigation strategies.

Published: February 5, 2024 by Michael Bruemmer

We've released our 11th annual Experian 2024 Data Breach Industry Forecast to embark on a journey into the future of data breaches.

Published: January 29, 2024 by Michael Bruemmer