Health Data Increasingly at Risk for a Cyber Attack, Experts Contend
The healthcare industry’s late-to-the-party approach to cybersecurity renders patients’ and providers’ protected health information (PHI) vulnerable to data terrorists, healthcare security experts warn.
While healthcare data breaches have been widely reported—the government has already issued fines in excess of $10 million in the last year—critics charge that healthcare lags behind the banking, finance, and credit card industries in preventing criminal cyber attacks. Health information security experts contend that a privacy breach on the scale of the retailer Target’s last year, is inevitable. The critics also argue that health IT and health information management (HIM) professionals are overly focused on privacy and confidentiality, according to a Politico report.
Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC, told Politico that thieves are willing to pay $500 for an individual’s health records on the black market, compared to $1 for a person’s social security or credit card number.
According to Wah, “criminal elements will go where the money is. They’re seeking health records not because they’re curious about a celebrity’s blood type or medication lists or health problems. They’re seeking health records because they can do huge financial, fraudulent damage, more so than they can with a credit card number or Social Security number.”
The article points to statistics from the US Department of Health and Human Services (HHS) that shows one in 10 Americans have had their health information exposed since the agency started tracking these numbers in 2009.
“Threats are far more sophisticated than the breach reporting, which is kind of a trailing indicator,” Reza Chapman, senior manager of EY’s Health Care Advisory practice, told Politico. “Some organizations have a little more of a sophisticated threat problem that they may not frankly be aware of.”