Healthcare Attack Surface Growth will Increase Breach Risk

Healthcare attack surface growth is a major reason why healthcare data breaches in 2014 will be higher than in any past year, according to a new report from Experian.

The 2014 Data Breach Industry Forecast paints a worrying picture for healthcare industry data security, and suggests the industry is particularly vulnerable to attack. Furthermore, the data held on patients carries a high value on the black market, and there are plenty of individuals and groups willing to try to access to that data.

The report says, “The healthcare industry, by far, will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014.”

Healthcare Attack Surface Growth Spells Trouble for Health IT Professionals

In a digital world, there are numerous potential avenues that hackers and other criminals can use to gain access to networks and healthcare data. Many hospitals and healthcare providers have now made the transition from physical files to electronic health records and mobile device use in healthcare is growing. Even medical equipment records and stores data, as do digital photocopiers and printers.

When it comes to cybersecurity, the areas that can potentially be used to gain access to data are collectively referred to as the attack surface. The move to EHRs and the use of new technology has seen the attack surface grow substantially. This is a problem when IT department budgets are tight.

“The sheer size of the industry makes it vulnerable when you consider that as Americans, we will spend more than $9,210 per capita on healthcare in 2013. Add to that the Healthcare Insurance Exchanges (HIEs), which are slated to add seven million people into the healthcare system, and it becomes clear that the industry, from local physicians to large hospital networks, provide an expanded attack surface for breaches.”

Experian is a credit monitoring bureau first and foremost, but it offers a range of services to help companies deal with the aftermath of a data breach. It reports that out of all the clients that have come to Experian for help, 46% were from the healthcare industry.

A Challenging Time for the Healthcare Industry

The report highlights a number of problem areas for the healthcare industry and they may take some time to be resolved. “Obamacare” promises to bring many benefits to Americans, but in terms of data security it causes major headaches. Data must be transmitted and shared and every person required to have access to that data is a potential breach risk. All it takes is one error by an employee to cause a data breach.

Physicians, nurses and other healthcare professionals are in the business of providing medical care for patients. They are not in the data management and cybersecurity business, and do not feel that they should have to devote time to dealing with data issues. Unfortunately, the transition to EHRs mean that all healthcare staff need to develop more technical knowledge and must devote some time to document keeping. It will take time for data security matters to become second nature, and at the present moment in time it is proving difficult for many to adapt to change.

Experian’s remediation group dealt with over 2,200 data breaches in 2013. In 2012, the company was called on to deal with 1,700 data breaches. With the increased risk and the high value of healthcare data, Experian’s remediation group is likely to be very busy this year.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of