Just a few years ago, retailers and financial institutions were the prime target among hackers. Now, however, there's a disturbing new trend in which hackers are targeting healthcare providers. According to a recent study conducted by the market research firm Ponemon, nearly 90% of US healthcare providers have been hacked in the past two years.
Of course, this should come as little-to-no surprise if you keep up with the news. We've seen some of the country's largest healthcare providers confirm that they had been the victim of cyber attacks. Anthem, Inc., for instance, is one such provider who revealed earlier this year that hackers had accessed millions of sensitive files.
What's even more alarming, however, is the fact that nearly half of the healthcare providers that were hacked over the past two years ago were criminal in nature. In other words, the unauthorized access and/or use of sensitive patient data was the deliberate, with the individual or individuals behind the attack having nefarious purposes.
Trend Micro's Tom Kellerman said the healthcare industry is “being hunted” by the same hackers who had targeted financial institutions.
“The healthcare industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized health-care databases are more valuable,” said Tom Kellermann, chief cybersecurity officer at Trend Micro Inc.
This begs the question: why are hackers targeting healthcare providers instead of financial institutions? One of the reasons for this trend is the lack of security in the healthcare industry. The federal Health Insurance Portability and Accountability Act of 1996 lays out Rules that healthcare providers must follow to protect their patients' data from unauthorized access. However, many providers either don't know or don't follow these rules, placing their patients' data at risk for disclosure.
Another reason why healthcare providers have become the preferred target of hackers is because the stolen data can be used for a variety of purposes. Hackers can obtain loans and lines of credit in the healthcare patient's name, or they can sell the information on the black market. There's also some belief that hackers are using stolen data to file fax tax returns.
The bottom line is that healthcare providers need to take a proactive approach towards cybersecurity. Turning a blind eye will only allow the problem to become worse. By familiarizing yourself with HIPAA's Rules and implementing the necessary safeguards into your practice, you'll reduce your risk of being attacked while ensuring your practice is compliant with HIPAA.