Focus: Cybersecurity

Why are there so many security breaches in healthcare?

By Andriana Moskovska / Special to Healthcare Facilities Today
July 8, 2019

Cyber attacks have become a bigger threat than ever before. Cybercriminals steal billions of dollars every year, and large scale hacks can now cost millions of dollars to industries worldwide. Everyone even marginally acquainted with cybersecurity knows what happened to Yahoo just a few years ago - millions of accounts compromised and a reputation forever tarnished.

What’s more:

It seems that no one is safe from the looming cyber threat. Education, business, energy - you name an industry, and it’s bound to have a swarm of cybercriminals looking for a weak spot. This is the reason why cybersecurity has grown so much over the last few years and why many hold it in such high regard.

But there’s one industry that has consistently failed to take proper cybersecurity measures: healthcare.

As of late, healthcare has taken the brunt of the cyber onslaught. Most of you reading this know about the Quest Diagnostics fiasco. And just a day after that took place, the news about LabCorp came to light. Both companies lost millions of dollars worth of data.

Going further back, healthcare has often made headlines for the same reason. But what is the cause of this phenomenon? Why are healthcare services targeted to this extent? And why can’t they fend off the hackers?

Here are some of the main reasons:

  • The value of PHI (Personal Health Information) over PII (Personal Identifiable Information) - Something a hacker will always go after is value. Data that can be used for fraud or blackmail is his bread and butter. And PHI can be very useful. Estimates point to PHI being worth over $300 on the black market, many times more than PII. 

You might be wondering:

“Why is PHI so valued in criminal circles?” 

The main reason is that it holds much more sensitive information than PII. A person’s medical history will allow a hacker to manipulate them or those around them to a greater extent than their Social Security number. For instance, the criminal might get a hold of someone’s prescription and then resell the medicine. 

Seeing that PHI is worth so much, it’s only natural that attackers try their damnedest to compromise this kind of information. And that logically leads them to set their sights on healthcare institutions more often than on other industries.

  • Declining security standards - Security for healthcare organizations has seen less and less stringent standards in recent years. In the US, HIPAA (Health Insurance Portability and Accountability Act) reduced the tolerated conformance threshold from 74 to 72% in 2018. In essence, healthcare businesses get to play fast and loose with safety regulations to a greater degree than before.

  • HIPAA has very well-established guidelines for making health providers more likely to report breaches than most other sectors.

  • Lack of security budgets - Strangely, healthcare firms have bumped cybersecurity down their list of priorities. Meanwhile, the number of cyber attacks specifically affecting them has gone up. So what’s the rationale behind this?

Here’s the thing:

Many organizations of this stripe claim they can’t meet the modern technological demands the cyber arms race has set. The attacks are getting bigger and badder at a rate cybersecurity can’t keep up with. In turn, many firms simply don’t bother with keeping their measures up to snuff. In their minds, there are other pressing matters that require more assets.

So is there any hope for improvement? 

Sadly, it’s not likely.

The way things are going at the moment, there is little to promise any change for the better. The current aggressive climate in the cybersecurity world makes many healthcare businesses unwilling to invest heavily in defenses that might not even work in the near future - if at all. In fact, the future might even be worse than what we’re seeing today.

Andriana Moskovska is a tech blogger and contributor at techjury.net

See the latest posts on our homepage


Share

Topic Area: Security


Recent Posts
Recent Posts
Focus: Infection Control

Cancer patient forced to stop chemo early because of rare hospital infection


Three children had contracted infections while being treated for cancer at Glasgow's Queen Elizabeth University Hospital

9/16/2019

Electrostatic sprayers can help control infections, save time


Machines allow janitors to sanitize and disinfect high touchpoints every day

9/16/2019

G4S Named Outstanding Contract Security Company by the OSPAs at GSX


9/16/2019

Hines Celebrates Sustainability from the Ground Up with Eighth Report


9/16/2019

Yanmar Completes Acquisition of North American Loader Manufacturer ASV Holdings


9/16/2019





Post Comment




FREE
NEWSLETTER

News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.