A Record Month for Healthcare Data Breaches

July saw the highest number of hacking incidents since February 2015, when Anthem suffered a massive breach.

Healthcare data has never been more vulnerable. Last month, 42 separate hacking incidents led to the exposure of 22 million people’s healthcare data, according to the Department of Health and Human Services’ (HSS’s) Office of Civil Rights. That’s the second-highest number in a month since the department began tracking breaches in 2010. The only worse month was February 2015, when Anthem suffered a massive breach that exposed the data of its nearly 80 million members.

There are very few, if any, healthcare organizations that can claim to have been unaffected by cyberattacks. In remarks to the Senate Cybersecurity Caucus reported by Health IT Security, Robert Lord, founder of Protenus Data Security Firm, referenced a recent report that showed 70 percent of healthcare systems had documented a major breach.

Jennifer Covich Bordenick, eHealth Initiative CEO, similarly argued that many operate under the false impression that stringent data regulations in healthcare make the information difficult to access.

For starters, she pointed out, regulators are not checking to make sure that healthcare organizations which are required to abide by the Health Insurance Portability and Accountability Act (HIPAA) are in compliance: “There is no such thing as a HIPAA-certified organization. HHS does not go and certify organizations and say, ‘You are completely in compliance.’”

In recent years, however, patients have begun sharing healthcare information with a variety of third-party apps that aren’t subject to any data regulations. Bordenick described the hunt for data as the new “space race.”

“Whoever has the most data wins. Think about it: Think about the potential of bioterrorism that would take place if you discovered a certain population was susceptible to a certain German drug,” she said.

The average hacker, of course, is simply seeking a quick profit. And there’s no information more profitable than healthcare data. Experian, the credit report agency, told CBS earlier this year that patient records could sell for $1,000 online, compared with about $1 for Social Security numbers.

From: BenefitsPro