In a world striving for better patient outcomes, with the increased use of health technology and the adoption of wearables and the IoT, data breaches do little to instill confidence in patients or healthcare professionals.
PHI (Protected Healthcare Data), as the name suggests, is “any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. This can include any part of a patient’s medical record or payment history”. You can therefore understand the importance of safeguarding this data: unlike a credit card, it is very difficult to change your individual healthcare data in the event of a breach!
There is also a growing market for PHI and health data. You may ask why? Some estimate that a stolen health record can fetch $10, more than 10x the price of a stolen credit card. A recent data breach in the US saw the data of 39,000 patients disclosed through an email phishing attack.
Dave Kennedy, an expert on healthcare security and CEO of TrustedSEC LLC, said:
“As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit. Hospitals have low security, so it’s relatively easy for these hackers to get a large amount of personal data for medical fraud.”
There has been a surge in targeted phishing attacks against healthcare, with further phishing scams reportedly targeting some 80 million records.
As the use of IT, technology and IoT (Internet of Things) increases in healthcare, it is imperative that software vendors, device manufacturers, healthcare bodies and clinicians understand the risks, attack vectors and the security controls needed to safeguard patient data. The ecosystem of players in the healthcare IT sectors is growing, and along with it their exposure to threats.