In 2014, Experian rightly predicted that healthcare related breaches would continue to grow in 2015. According to the Identity Theft Resource Center report, as of April 28th of this year, 93 healthcare breaches had been reported. While businesses across a number of industries have suffered from cyber attacks, the healthcare industry has been the hardest hit, with over 99 million records compromised.
According to Experian the potential cost of breaches for the healthcare industry could amount to as much as $5.6 billion annually. There is no doubt that healthcare organizations must recognize the importance of taking strong security measures. Healthcare organizations of all sizes need to take notice. In 2015, the Anthem breach was by far the largest but smaller healthcare organizations have been compromised as well.
Seton Family of Hospitals
In late February 2015, hackers attacked the Seton Family of Hospitals. They were able to steal Social Security numbers, names, addresses, dates of birth, medical information and insurance information on approximately 39,000 individuals. The hackers gained access to the data through an email phishing attack that targeted a number of employees email accounts.
In the aftermath of the incident, Jesús Garza, Seton Healthcare Family President and CEO stated, “It is our priority to support those who have been affected." In this vein the organization has taken additional measures to protect data from future attacks. These technological and physical safeguards are meant to protect both employee and patient data.
Saint Agnes: Phishing Breach
In April 2015, hackers were able to access the personal information of approximately 25,000 patients at Saint Agnes HealthCare Inc. As seen with the earlier Seton Family of Hospitals breach, hackers were able to leverage an email phishing incident that targeted employee email accounts. Once the hackers had access to the email accounts they were able to easily access protected health information. Information acquired included: patient names, date of birth, gender, medical record number, insurance information, and limited clinical information. Currently the healthcare organization is working with its email service provider to enhance security protocols.
The Anthem breach may have affected anywhere from 8.8 to 18.8 million records of parent company Blue Cross Blue Shield customers in addition to the Anthem customer records. Because healthcare records are valuable on the black market security experts have warned that the healthcare industry is particularly vulnerable to attacks.
The experts at Trend Micro believe that in 2015 “Cyber-criminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets. Weak security practices like not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector. These practices will cause financially motivated threats to grow in scale throughout the coming year.”
Improving Data Security to Prevent Data Breaches in 2015
In order to achieve a secure state and protect data from persistent hackers, organizations should work with security experts, such as Patriot Technologies. An IT organization that lacks security awareness or proper security management puts the entire organization at a greater risk for attack. Patriot Technologies works with best-in-class security technologies, such as Fortinet, and understands the unique security challenges that healthcare organizations face.