Analecta Cyber Company Blog: Healthcare Data Security and Hackers

2016-04-27

Healthcare Data Security and Hackers

Nowadays, attackers are becoming more and more capable of gaining access to numerous computer networks. The trend of digitizing patient information helped the medical industry to hasten processes, especially in treatment. They've also facilitated a more efficient and more effective ways of preventing diseases.

On the other hand, further digitization of data in the healthcare industry has caused difficulty in securing them. The bulk of digitized sensitive information of patients can now be located in hospital servers, making it easier for hackers to target this personal health information. This was confirmed in reports related to cyber attacks, citing the healthcare industry as the most targeted sector during 2015.

To date, over 100 million medical records have been compromised by these cyber attacks. And in one of the major attacks that happened a year ago, the breach on Anthem’s network lead to 70% of all of their records being compromised.

Valuable health information

It is believed that several reasons contribute to why there is an increasing trend in healthcare facility attacks. One of which is the availability of Electronic Health Records (EHRs). This type of information attracts hackers to specifically target the medical industry. Unlike credit cards which can be blocked right away, the medical information of patients can be used anytime by attackers on any deceptive activities like insurance fraud, identity theft, and even extortion, plus the fact that the healthcare data converts to an extremely high value in the black market.

Another reason is that fast transition into digitization of health records had left the aspect of employees' security awareness and hospital management behind. This means that hackers can infiltrate these data with ease regardless of their skill level.

With the hospital's main priority of treating patients, the "security department" was always neglected and underfunded. This brings about the deficiency in security professionals protecting and managing the healthcare's sensitive information. Additionally, if hospital's indeed have the personnel to do these tasks, they were usually not sophisticated enough to handle cyber attacks.

This development in the medical industry should serve as a wake up call to everyone that security should always be treated as a vital aspect of the organization. And that allocating more resources to data protection will be beneficial in the long run, not only to the patients but also to the entire organization.