Data Breaches to Continue to Plague Healthcare in 2015

The healthcare industry will continue to be a vulnerable and attractive target for cybercriminals in 2015, thanks to the expanding number of access points to protected health information and other sensitive data via electronic health records and the growing popularity of wearable technology.

That’s the conclusion of Experian’s second annual Data Breach Industry Forecast, which predicts that healthcare will continue to be plagued with data breaches in 2015. Healthcare organizations accounted for about 42 percent of all major data breaches reported in 2014. “We expect this number will continue to grow until the industry comes up with a stronger solution to improve its cybersecurity strategies,” said Michael Bruemmer, vice president at Experian Data Breach Resolution, in a written statement.

“Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cybercriminals,” states the report. “The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI.”

According to the firm, patients’ Medicare cards—often carried in wallets for doctors’ visits—are particularly vulnerable as they contain valuable information such as a person’s Social Security numbers that can be used for fraud if they fall into the wrong hands. Experian adds that it is “not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged.”

In general, the firm emphasizes that healthcare organizations will “need to step up their security posture and data breach preparedness or face the potential for scrutiny from federal regulators.” Further, Experian forecasts that reported incidents may continue to rise as EHRs and consumer-generated data “add vulnerability and complexity to security considerations for the industry.”

Earlier this year, the FBI's Cyber Division issued a notice warning that healthcare systems and medical devices are at risk for increased cyber intrusions for financial gain. "Cyber actors will likely increase cyber intrusions against healthcare systems--to include medical devices--due to mandatory transition from paper to electronic health records, lax cybersecurity standards, and a higher financial payout for medical records in the black market," according to the FBI.

For reprint and licensing requests for this article, click here.