I was scanning headlines the other day and noticed one that warned that medical records will be the next big target for hackers. The article focused on a new report that shows how poor cybersecurity is within the health care industry, from hospitals to insurance companies.
It’s important information that needs to be shared, but I think we are five years or so too late with the warnings. As an eSecurity Planet article pointed out, since 2009, nearly 30 million Americans have been affected by a breach or cybersecurity breakdown within the health care industry, and it is getting worse. The article stated:
> In 2013 alone, according to the report, 199 PHI [Protected Health Information] data breaches were reported to the U.S. Department of Health and Human Services, impacting more than 7 million patient records — that’s a 138 percent increase over 2012.
Next big target for hackers? More like a long-time target that is finally getting some attention in large part due to the recent retail breaches. All of a sudden, the general consumer is concerned about the safety and privacy of the data they share.
But the new report from Norse Corp. and the SANS Institute comes at an interesting time. England was planning to roll out a huge national medical and patient database, but a few days ago announced that the project was being stopped. Citizens were against the creation of the massive database because of privacy fears, and the government agency behind the project has said that more effort would be spent explaining why the database will be so helpful for medical research. However, the agency has also admitted that the security of the database just wasn’t very good and that it would likely be vulnerable to hacking attempts.
Why has the health care industry been so vulnerable to cybersecurity problems? According to an article published by Fox Business, the problem is threefold:
- Patient privacy isn’t a concern within IT (I find that astonishing, especially considering the long history of industry breaches)
- Too much human error
- Ignoring or not understanding insider risks
To be honest, the cybersecurity problems faced by the health care industry are no different than those faced by any other industry. But it is disingenuous to pretend that this risk of breaches is a new concern.