The U.S. Department of Health and Human Services put together a database of health care breaches that affected 500 or more individuals. The first date in the database is October 21, 2009, a breach caused by the theft of paper files or films. There are more than 1,500 data breaches listed in this database. More than 250 occurred in 2015, and 2016 may be even worse – I counted nearly 60 as of April 1.
The early breaches involved theft or loss of paper medical records or computers. The type of breaches in 2016 are primarily “Hacking/IT Incident” and “Unauthorized Access/Disclosure.” More frequently, these breaches are happening via mobile devices other than laptops. Expect this number to increase as more people in the health care industry are relying on mobile devices to connect with patients, patient data, and to health care networks.
A new study from Skycure found that 80 percent of doctors use mobile devices for work and 28 percent store patient data on these mobile devices, but at the same time they aren’t doing much about securing that information. As Dark Reading reported, a surprising number aren’t even taking the most simple (and obvious) security step of using a passcode to lock the device nor updating its software. Also, the study estimated that 27.79 million devices with medical apps installed might also be infected with high-risk malware.
As if there weren’t enough concerns regarding the health care industry and its security, doctors are now unwittingly putting their patients at even greater risk of having their personal information and medical records compromised.
As Adi Sharabani, CEO of Skycure, said in a formal statement, mobile devices are a favorite – and very large – attack target for cybercriminals, and now doctors appear to be playing right into their hands, making it way too easy for this sensitive and lucrative data to be stolen. Sharabani added:
Unlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device owner’s data and identity at risk.
In a single month, one in five (22 percent) of mobile devices will be at risk of a network attack. This figure nearly doubles to 39 percent after four months.
Let’s go back to those statistics I pointed out in the beginning of this post. There have been about 60 breaches in the first three months of this year that resulted in the compromise of personal information for a minimum of 500 patients. If we’re seeing an increase in mobile device use without a boost in security measures, I can’t even imagine what the next three months or final total of 2016 will be. When will security become a real priority in the health care industry?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.