Have you ever logged into an account you own, only to learn that there’s been a breach in that service’s security and your personal information may have been leaked to outside sources? This can be a common occurrence in our current cyberspace, and it extends past just the personal accounts and services we subscribe to. A perfect example of this is healthcare. Data breaches happen in health care just as much as anything else on the web, and it’s becoming a problem.
Data breaches in healthcare have been at an all-time high lately. The month of April 2019 had 44 reported breaches to the federal government, which is two breaches more than the previous record holder of April 2018. Luckily breaches don’t always mean that a person’s data has been exposed, as April 2019 reported to be a 29 percent decrease from people affected by breaches the month before. A lot of the time healthcare providers will be attacked by some sort of malware or virus. For example, the largest breach in April 2019 involved a ransomware attack known as GandCrab, and the second largest involved a virus which locked the providers out of accessing their files. Nearly two-thirds of healthcare organizations attributed their breaches to hacking or IT incidents in April.
Unfortunately, being hacked by someone on the outside isn’t always the way it goes down. The healthcare industry has many employees, whether they be doctors, nurses, or administrative staff. These employees are granted access to patient data in order to do their jobs, and a shocking amount of employees may actually be abusing this privilege. According to a report from Verizon, insider attacks were responsible for the majority of healthcare breaches in 2018. While typically external attacks are the primary force behind these types of attacks across the board, the healthcare industry is the industry one that has a higher amount of insider attacks. Medical data is 18 times more likely to be compromised than other types of data, and it’s 14 times more likely to be a healthcare professional such as a doctor or nurse when an inside force is involved.
Data breaches in healthcare will continue to be a problem just as they are in any industry. The most we can do is find ways to tighten security and be as preventative as possible. Some key ways to try to address these threats are to monitor access to the data, encourage reporting about things such as phishing emails, and improve processes to make sure that a simple mistake doesn’t equate to a breach. If we take these and other preventative measures, we can work towards protecting all patients personal data.