A leading enterprise cloud security provider, iSherrif, has recently released a new analysis of data breach statistics which suggest that almost 45% of Americans have now become victims of at least one healthcare data breach in which their sensitive data was exposed. The total number of records exposed over the past five years has now reached the startling figure of 143 million, in a country with 318.9 million residents.
A substantial percentage of the victims were created in just a handful of large-scale security incidents. The Anthem cyberattack exposed 78.8 million records, the Premera cyberattack resulted in 11 million records being obtained by cybercriminals, Community Health Systems was attacked and criminals obtained 4.5 million records and another 4.5 million records were exposed in the recent UCLA Health cyberattack.
The analysis by the enterprise cloud security provider is likely to underestimate the severity of the current cybersecurity crisis. The data was obtained from publically available resources; however not all data breaches are reported, breach reports are often delayed, and there are likely to be many data breaches that have occurred but have not yet been discovered. It took Anthem and Premera several months before their data breaches were identified.
The white paper produced by the enterprise cloud security provider includes references to recent cybersecurity studies, including a recent Bloomberg News report that indicates that as many as 90% of healthcare providers have now suffered a data breach in the past two years. A HIMSS survey was also cited that shows that 64% of healthcare organizations have suffered a data breach in the past 12 months. The report says the healthcare industry is now the most attacked industry sector, behind even the financial and retail industries.
The white paper suggests several factors that have contributed to the rise in data breaches in recent years. The most significant issue is the rapidly evolving threat landscape, which makes it difficult for healthcare IT professionals to address all vulnerabilities before they are exploited. It has been suggested that point products create gaps in security posture, and an increasingly mobile workforce means mobile devices are used in risky environments. Unfortunately, while all issues can be tackled, budgetary constraints remain a major issue. There is simply not enough money available do deal with all of the threats.
iSheriff’s COO, Oscar Marquez, pointed out the worrying reality of the current cybersecurity environment. He said, “If Anthem – with annual revenues of over $60 billion – can be breached, the sobering reality is any healthcare organization collecting and storing patient data is vulnerable. The targets span the smallest physician practices, clinics, and labs to regional hospitals, HMOs and PPOS, and the largest national providers.”
The only option is to keep revisiting policies and procedures, conducting regular risk assessments and investing more funds into data security protections. It may not be possible to prevent a breach, but it is possible to reduce the probability of an attack being successful.