The high volume of healthcare data breaches of last year has continued into 2015, with the last three months seeing 91 million new victims created as hackers infiltrate healthcare databases and the industry resists implementing data encryption.
A Record-Breaking Year for Healthcare Data Breaches
The healthcare industry is under attack from thieves. Cybercriminals were responsible for two of the largest data breaches ever recorded. Both incidents – the 78.8 million-record data breach at Anthem Inc., and the 11 million-record heist at Premera Blue Cross – were discovered this year, although the two health insurers had their computer systems infiltrated many months previously.
Hackers stole more records in those two incidents than were exposed in all healthcare data breaches in 2013, and not just in hacks. The two mega HIPAA breaches of 2015 exposed more records than those compromised in 2013 by employee snooping, equipment theft, hacking incidents, improper disclosures and the improper disposal of records.
According to recent reports, the total volume of victims of healthcare data breaches in the past 8 years is 120 million, which puts into perspective just how bad 2015 has been so far. The data breaches of 2015 have resulted in 76% of the total number of breach victims that were amassed during the previous 95 months. Hackers are responsible for the creation of 90,707,372 victims, and that figure is just the total of the last 8 healthcare data breaches attributed to hackers.
The causes of the Q1 2015 data breaches were improper disclosure, improper access, theft of devices containing unencrypted PHI, improper disposal of PHI and the loss of devices, but hacking incidents are on the increase. Out of the last 10 data breaches reported to the Office for Civil Rights, 8 were caused by cybercriminals hacking into healthcare computer systems.
Cybercriminals are also using increasingly complex methods to gain access to servers and the PHI they hold. Viruses, malware, phishing and direct attacks on firewalls are now all too common.
OCR Offers a Warning to CEs About Cybercrime
The Office for Civil Rights polices HIPAA, but it also issues guidance to help healthcare organizations comply with federal legislation and keep data secured. The threat from hackers is a difficult one to tackle, but OCR spokeswoman, Rachel Seeger, believes that threat is not going away.
She says that “Healthcare organizations need to make data security central to how they manage their information systems and to be vigilant in assessing and addressing the risks to data on a regular basis.” She also said that “These incidents have the potential to affect very large numbers of healthcare consumers, as evidenced by the recent Anthem and Premera breaches.” She, along with a host of industry experts, has predicted that the situation could be about to get a lot worse.
The Q1 2015 data breaches are unfortunately not an anomaly. Healthcare providers must therefore take fast and decisive action and implement a host of new security measures to ensure that the PHI they hold on their patients is secured, and that it is made harder for hackers to gain access to their computer systems.