According to an article published last week by Reuters, 40% of healthcare organizations reported a criminal cyber-attack in 2013, which is a dramatic increase since 2009, when only 20% reported being attacked.
A major reason for the increasing attacks against the healthcare industry is that medical information typically contains data such as names, birth dates, policy numbers and billing information—and this data is much more valuable than stolen cred card data, up to 10 to 20 times more valuable on the underground exchanges where hackers sell the data.
Stolen health data can also be used to buy pharmaceuticals and even medical equipment, which can then be resold. Additionally, a patient ID number can be combined with a fraudulent provider number, which can then be used to file sham claims with health insurers.
Compounding the problem is that, unlike credit card data theft, medical identity theft can go unreported or unnoticed for years, giving criminals a much longer time to use the data. As the article states, “Healthcare providers and insurers must publicly disclose data breaches affecting more than 500 people, but there are no laws requiring criminal prosecution. As a result, the total cost of cyber-attacks on the healthcare system is difficult to pin down.”
This is a subject that should be top-of-mind for hospital executives beyond the IT department. To learn more, see the Reuters article here: