90% of firms in this industry were hit by a cyber-attack in past 2 years by Benjamin Lane

13/05/2015 06:40

Nearly 90 percent of US healthcare providers have been hit by a data breach since 2013, costing the industry an estimated $6 billion a year, according to the latest data from the Ponemon Institute.

Perhaps even more troubling is the fact that half of these breaches are believed to be criminal in nature.

According to the report, hackers are seeking access to patient medical records, which include personal data such as Social Security numbers, addresses, insurance IDs and medical details. Such data is reported to sell for as much as 20 times the price of a stolen credit-card number.

Hackers can then use that information to take out a loan, open up a line of credit or engage in medical identity theft.

“The healthcare industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized healthcare databases are more valuable,” Tom Kellermann, chief cybersecurity officer at Trend Micro Inc., told Bloomberg.

The Ponemon Institute report echoes findings of an earlier study printed in the April issue of the Journal of the American Medical Association. According to researchers, there were more than 900 data breaches of protected health information affecting at least 500 individuals between 2010 and 2013.

More than 29 million records were affected by the breaches, with six involving more than 1 million records each. The majority were caused by criminal activity and, in total, account from more than 82% of all reported breaches in the years that were studied.

Despite this stark reality, half of healthcare firms surveyed by Ponemon said they didn’t have sufficient prevention strategies, technology to quickly detect a breach or an established game plan to respond to a hack.

And there may be problems on the insurance front, too.

According to cyber insurance broker Jack Elliott-Frey of Safeonline LLP, market capacity in the space is not yet where it should be.

“[The healthcare industry] is prone to damaging losses if personal health information and payment details are exposed,” Elliott-Frey told Insurance Business America. “There is a lack of capacity here as insurers are less inclined to underwrite organizations with large amounts of patient data.”

That isn’t encouraging, as cyber experts believe the security industry only discovers about half of the actual theft occurring in the healthcare sector.

“[It’s] the tip of the iceberg,” Patrick Peterson, CEO of security firm Agari Data, told Bloomberg.