In early February, Anthem Healthcare reported a data breach that may have affected up to 80 million customers, as many as 1 in 4 Americans. The estimates dwarf last year’s Community Health Systems breach by an order of magnitude. Last year’s litany of history-making breaches involved retail companies—Target, Home Depot, K-Mart, and the list goes on. Now experts are predicting that 2015 will be the year of the healthcare data breach. Why the shift? The answer to that question reveals what healthcare organizations must do to stem the tide. The factors are numerous, but the real mystery may be why it took so long for healthcare breaches to escalate.
Follow the Money
The switch by hackers from targeting retail systems to medical information systems is no mystery: it’s easier money. After years of increasing attacks, the financial industry has built out its defenses. While hackers managed to exploit vulnerabilities in point-of-sale systems in 2014, retailers and software vendors are moving to close those gaps. Meantime, according to Healthcare Dive, Symantec reports that healthcare cyberattacks increased 72 percent from 2013 to 2014. Stolen health records bring more money on the market. Bob Gregg, CEO of ID Experts, says that a name, address, social security number and a medical identity can be monetized quickly, bringing $20 or more each. And while financial businesses will quickly detect and shut down fraudulent activity, stolen healthcare information can go undetected for years (in part due to some of the privacy protections provided by HIPAA) and used in many profitable ways. It can be sold to uninsured people, used to get medical supplies and equipment that can be resold, or leveraged to submit fraudulent charges to insurers. Greg Virgin, CEO of the security firm RedJack, speculates that some of today’s hackers are using stolen data to extort money from healthcare organizations.
Read the full article here: Big Breach Targets: Why Healthcare, Why Now?