Health care breaches are expected to persist in 2015 due to multiple vulnerabilities and the high value of protected health information (PHI) on the black market. Health care organizations face the challenge of securing a significant amount of sensitive information stored on their network which, combined with the value of a medical identity string, makes them an attractive target for cyber criminals. The problem is further exasperated by the fact that many doctors' offices, clinics and hospitals may not have enough resources to safeguard their patients' PHI. In fact, an individual's Medicare card — often carried in wallets for doctors' visits — contains valuable information like a person's Social Security number (SSN) that can be used for fraud if in the wrong hands. Currently, Experian Data Breach Resolution is not aware of any federal or law enforcement agency that tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged.
This year, Reuters reported that the FBI released a private notice to the health care industry warning providers that their cybersecurity systems are lax compared to other sectors. A memo reportedly stated, "the healthcare industry is not as resilient to cyber intrusions compared to financial and retail sectors, therefore the possibilities of increased cyber intrusions is likely." According to the Ponemon Institute, 72 percent of health care organizations say they are only somewhat confident (32 percent) or not confident (40 percent) in the security and privacy of patient data shared on health information exchanges (HIEs).
With the end of the year fast approaching, now is an apt time to reflect back on 2014 and look ahead to what's to come next year. For the data breach industry, 2014 was an explosive year with nearly half of all organizations suffering at least one data breach – up 10 percent from the year prior. This has resulted in companies taking positive initial steps to prepare for a breach, but much remains to be done.
To help businesses prepare for what is on the horizon, Experian Data Breach Resolution has developed six key predictionsabout how the data breach industry will evolve in 2015. These predictions are based on experience helping more than 3,000 companies manage breaches of all types in 2014 and conversations with leaders across the security landscape.