Data security company, Vormetric, has released the results of its recent Harris Poll 2015 Insider Threat Report in which the researchers determined there has been a 26% increase in healthcare HIPAA breaches over the past 12 months. The report also looks at HIPAA-compliance and the effect that it has had on data protection and the number of data breaches that have been suffered.
The results suggest that data security is largely driven by the need to comply with the Privacy and Security Rules of HIPAA. While only 54% of respondents reported that their main reason for protecting data was the need to comply with regulations, 68% said that HIPAA was “very or extremely effective at stopping insider threats and data breaches”.
However, what does not bode well for the industry is the admission of 48% of the survey subjects that their employers had either failed a HIPAA-compliance audit in the past 12 months or had suffered a data breach.
Rise in Healthcare HIPAA Breaches Due to the High Value of Patient Data
The report suggests that the reason for the rise in the number of healthcare HIPAA breaches is the simply the value of the data held by HIPAA-covered entities. The data can be sold for far more than stolen credit card numbers, which sell for around $0.50 each. Healthcare data can sell for tens or even hundreds of dollars a record, and the more detailed the information, the higher the value. When medical insurance details, Social Security numbers, personal identifiers, dates of birth and medical information is obtained, thieves can make insurance claims, fraudulently receive expensive medical treatments, obtain prescriptions and commit identity fraud, all of which can prove to be highly lucrative.
The increase in the threat level and the volume – and extent – of the reported data breaches in healthcare in recent months appears to have triggered a switch in priorities, with many IT professionals saying that their main priority now is the prevention of data breaches, rather than the need to comply with HIPAA regulations.
53% of respondents said that it was now the prevention of data breaches that was their top priority, with 39% saying it was HIPAA-compliance and 38% the protection of assets. 63% reported that the current threat level has forced their organizations to re-address budgets and allocate more funding to data security measures to prevent attacks.
Cybersecurity defenses are being improved which is good news. The bad news is the healthcare industry is not prepared to deal with the current wave of attacks and lacks the security measures to properly protect data. 49% said that their organizations were very or extremely vulnerable to attack. It is not only the external threat which is perceived to be a problem. According to 62% of the IT professionals surveyed, they believed the most dangerous insider risk came from privileged users.
Unless security vulnerabilities are addressed and money is invested in improvements to cybersecurity defenses there are likely to be a great deal more healthcare HIPPA breaches reported by the time the next Insider Threat Report is released a year from now.