Data breaches have become increasingly prevalent over the past few months, with major retailers, health insurance providers, pharmacies, and other organizations reporting them. But a new study published by the Ponemon Institute found that most data breaches are the result of criminal attacks, not accidental disclosure or technical malfunction.
Researchers at the Ponemon Institute say hackers are placing their crosshairs on healthcare organizations and their respective business associated due to the enormous amount of sensitive data they contain. A typical health insurance provider, for instance, may have customers' names, addresses, birthdates, phone numbers, social security numbers, annual income, and more. Once this data is acquired, it's often sold on the black market to other individuals or organizations with nefarious intent.
Each year, researchers at the Ponemon Institute conduct a study of privacy and security trends regarding sensitive data in the healthcare industry. In its most recent study, researchers found that criminal hack attacks, such as the use of malicious software and phishing, have taken over as the leading cause of data breaches. This is in stark contrast to previous years, in which lost devices was the leading cause of data breaches.
To put the problem of criminal data breaches involving the healthcare industry into perspective, the Ponemon Institute estimates that these attacks have increased by 125% from just five years prior. Furthermore, medical identify theft has doubled during that same time period.
Why are hackers going after healthcare institutions? Well, researcher attribute this disturbing trend to two primary factors: first, healthcare organizations contain a treasure trove of sensitive data that can be resold on the black market. Second, healthcare organizations often lack the necessary resources and technologies to fully protect their patients' data. This is why it's important for all healthcare facilities and covered entities to implement safeguards to protect their patients' data from unauthorized access and use.
"We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be primary causes of data breaches, criminal attacks are now the number-one cause," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Since first conducting this study, healthcare providers are starting to make investments to protect patient information, which need to keep pace with the growing cyber threats."