In 2021, there were several healthcare data breaches, and it’s disturbing. Such breaches with sensitive medical data must be neutralized at all costs.
What happened in 2020?
In 2020, a report was issued on the state of Healthcare Cybersecurity. This report was based on survey results from more than 2,400 professionals that dealt with the security of 700 plus healthcare organizations. These professionals were told to report and identify loopholes, inefficiencies and vulnerability of the security system that protects health data in hospitals.
Deficiencies in the security process leave hospitals, doctors and patients susceptible to data breaches and all kinds of attacks through the internet. Therefore, the aim was to get an insight into areas that need improvement.
The outcome of the survey/report
According to the report, over 1,500 healthcare providers were exposed to data breaches. These entities had sensitive data equal to or more than 500 records each. According to security services, that is estimated to be about a 300% increase in data breaches risk just within a year.
Actually, about 75 percent of all the healthcare facilities and other types of physician centers are very exposed to attacks as these healthcare providing facilities are not well-equipped to handle cyber-attacks. Most of these healthcare providers accept that in view of the attackers getting more skillful, they do not have an established defense mechanism.
The need for skillful professionals to protect against data breaches
Cybersecurity experts and professionals were found to be in shortage as compared to professionals in other IT fields. Compared to what is demanded by healthcare facilities and personnel needs, there is just not enough protection and this is becoming a very dangerous situation. Attacks are going on and besides stealing sensitive data, there have been reports of ransomware activities.
These ransomware attacks increased because doctors needed their data records on patients and agreed to pay whatever the ransoms were. This led to a sudden increase in such attacks by hackers.
Unfortunately, there is a lack of interest in the field of cybersecurity. The main reason being that a chief information security officer (CISO) is fully held responsible for healthcare data breaches, irrespective of the fact that such a breach may not only affect the finances of the healthcare organization, but also its reputation. Furthermore, all the sensitive medical data on the hardware and in the software is compromised.
Unwillingness of professionals towards this field may also be attributed to the fact that there are a lot of discouraging factors including the limited technology used to defend the care centers and medical staff, advanced technologies that are being developed by hackers, extreme limits in authority that can be exercised by the professional cybersecurity personnel, and all the related policies.
The present situation of healthcare data breaches
Things started changing by the end of 2020. Just in January, it was noticed that the healthcare data breaches have been going down. Now, breaches have reduced by approximately 48%. Starting from December 2020, data breaches have been steadily going down. From about 60% attacks in December to about 32% attacks in January, a total of 4,500,000 records were breached in January.
The largest breach in January
The healthcare data breach that took place at the Florida Healthy Kids Corporation was the largest data breach that ever happened. It was reported by the Health Plan but it really took place at one of the healthcare business associates. This business associate was hosting the Health Plan website and also a software application for the organization. This business had badly failed to have any proper security in place and failed to detect breaches that were going on for at least seven years.
A total of 18 states were affected by healthcare data breaches. Florida, with 6 breaches, was the most affected.
The types of healthcare data breaches
The typical kinds of breaches are hacking, IT hacking, IT incidences, website hacking, web application hacking, ransomware activities, phishing attacks, BEC attacks, unauthorized accessing and disclosures, EHR systems getting affected/interfered with and Electronic medical records getting affected.
The devastating effects of these data breaches
1 in 4 persons in the country have had his/her medical data stolen from some electronic system/ application either from the person’s residence or directly for a healthcare facility. And it costed the victim about $2,000 or more.
Most of these people learnt about the theft through discrepancies in their credit card statements or through their benefits explanation statements.
What gets stolen are usually social security numbers, contact information and medical data.
It’s very disturbing for everyone. People are usually just changing their healthcare facilities. It is disturbing to all healthcare facilities to a very large extent. Healthcare centers and doctors can easily get lawsuits filed against them and vital information that is suddenly corrupted or missing could cost a patient’s life.