Why Health Data Must Be Protected
Health data is a prime target for hackers, yet it is easily protected. This is because human error causes the largest number of health data breaches. In 2018, the global healthcare industry experienced more cybersecurity issues than any other industry. This is because health data offers many opportunities for exploitation.
Interestingly, the health sector's experience of stolen or lost information comes from malicious attacks. These include phishing, ransomware and other social engineering tools. They act on human emotions to get a person either to send information directly to the attacker or to allow access to systems, for example by clicking a link within an email.
What health data are hackers most likely to steal?
Meanwhile, according to the Australian Information Commissioner's Notifiable Data Breaches Quarterly Report to 30 September 2018, human error accounts for 48% of all health data breaches in Australia. Nearly half of all instances include lost personally identifiable information.
For instance, personal data includes:
- Personal details such as the person’s name, address, email
- Financial details such as how much the person earns, credit ratings
- Medical details about a person’s mental or physical health
- Details about a person’s ethnicity, political opinions, religious beliefs, or sexual life
- Images or voice recordings of a person
- Employment details
- The IP address of a person that visits a website
- Criminal records or alleged offences
- Biometric data, or
- Location data.
Healthcare data is managed using technology such as healthcare CRMs (HCRM), electronic health records (EHR) and other data management tools. These systems allow medical professionals to store patient information electronically, making the recording process simple for authorised individuals. With this technology in place, healthcare organisations can develop a 360-degree profile of a patient. This covers everything from the patient lifecycle to consumer profiles, preferences, and behaviours.
Because medical practices hold this type of data, the healthcare industry is very attractive to hackers, and in the US especially the trend is worrying. Health firms suffered a record 365 data breaches in 2018, up from 2017's high of 358.
Research suggests that the leading cause of a breach is theft by outsiders/hackers, making up about one-third (32.5%) of the problem. The second major cause is employee mailing mistakes (10.5%), followed by theft by former or current employees (9%). This means more than half (53%) of all breaches come from inside the organisation, a huge business risk.
“Today, the reality of breaches means you need to be assuming a breach is in your environment at all stages,” Vincent Weafer, chief operating officer and CTO of TriagingX, told Healthcare Dive.
The consequences of healthcare breaches cost organisations significant amounts. The majority of costs are for identity service providers, damage costs, prevention of future breaches and legal counsel. In accordance with the General Data Protection Regulation (GDPR) requirements, companies that deal with European Union (EU) citizens' data will be required to pay fines reaching up to 4% of their annual turnover.
In a 2015 survey conducted by IBM, the Ponemon Institute reported that individuals want their healthcare organisations to adopt proactive methods for finding and preventing medical identity theft. 79% of survey participants stated the importance of the privacy of their medical information. 48% of participants mentioned they would consider changing healthcare provider if their information were stolen.
It's increasingly important to take the right measures to protect your data. From encrypting devices and restricting their use when they store Protected Health Information (PHI), to strengthening network firewalls and monitoring access, every step of the cyber security journey must be considered in order to make a healthcare provider cyber safe.
This includes having a plan in place so you know how to protect against cyber security breaches and how to plan for them. It’s why ResilienceTec includes cyber security planning as part of its software to enable medical practices in NZ and Australia to protect their data.
Strengthening cybersecurity capabilities, improving security, and building resilience shows organisational preparedness. As a medical organisation, you want to show patients that their data can be trusted in your hands by always having an updated, effective plan.
Interested in finding out how ResilienceTec will help you protect your patient data?
Contact us today.