Why Is Data Theft Increasing in Health-care and What Can Be Done About It?

Health-care data breaches by criminals have resulted in the loss of millions of dollars to health-care and other service providers in the health-care delivery chain. The valuable data that is lost, stolen or exposed inappropriately results in a plethora of problems.

Criminal health-care data breaches have risen exponentially in the past few years. This can be attributed to a variety of reasons, ranging from increased digitization of health-care records to the immense opportunities that the Dark Web now provides. According to the Bitglass 2016 Healthcare Breach Report, 1 in 3 million Americans were victims of a data breach in 2015, affecting a total of more than 10 million hapless individuals.

Data breaches can lead to compromising confidentiality of individual health data making it easier for companies to deploy unfair marketing tactics to lure customers. The buyers of these data include pharmaceutical and drug manufacturers, health-care providers, money launderers, and fraudsters looking to dupe insurance agencies and tabloids.

Here are a few things that will help you understand the reasons why health-care data thefts are increasing:

Health-care Data Turns Very Lucrative

The average cost per breached record was $154 across all industries, whereas it is $363 for health-care organizations.

The wealth of personal information available in individual health-care records includes SSN, date of birth, complete medical history and insurance details. Availability of this information makes it easy for criminals to steal identities and fake claims.

Stolen health records are 10 to 50 times costlier than credit card numbers. If a credit card breach or hack is detected, all it takes is a phone call to cancel the card. But in the case of a health data hack, it sometimes takes months, if not years, to detect the breach. This gives identity thieves plenty of time to use a person's credentials to make money.

The Internet of Things (IoT) has made digital health data a goldmine of Personally Identifiable Information (PII), real-time health information, insurance, education, and family details. Personal and smart medical devices create a great deal of real-time data, which has made online chatter a part of the health-care record but has also made it much easier for criminals to snoop around and gather personal information.

Illegal data brokers also look to sell individual health records to scam artists and drug addicts on the Dark Web.

1) Fix Leaky Cyber Security of Hospitals

Post Affordable Care Act and HIPAA (Health Insurance Portability and Accountability Act of 1996) hospitals have surprisingly paid less or inadequate attention to securing their networks, servers and patient data. Though all stakeholders have embraced digitization, not everyone has been careful securing their data storage solutions.

HIPAA aims at protecting the privacy of patient data but doesn't demand its encryption. Firewalls and passwords help to a certain extent but don't work when dealing with sophisticated hackers.

Patient data now lives in countless systems, such as smartphones, mobile health devices, fitness trackers, and the cloud. Unsafe and insecure health apps collect patient data and share it with third-party service providers and advertisers, thereby leaving millions of health records vulnerable to breach. Private medical practices, insurers and company HR databases hold sensitive employee health information. There are just too many loopholes in the system for hackers to worm in through.

When hackers mask malicious code in innocent-looking email messages, it is known as phishing. Ransomware is the oldest form of cyber attack, in which malware encrypts all files in the system, making data inaccessible. Crypto-ransomware has gained popularity over the past couple of years and affected hundreds of thousands of systems. Spear and whale phishing are two common methods employed by hackers. Educating employees and clients about phishing scams is the best thing to do to counter hacks.

2) Learn to Detect Data Breach

Data breaches go undetected for a long time and that is one of the biggest reasons why the monetary loss from a breach is so high.

It is important that your IT department or network security consultant detects a breach in time. The inability to quickly detect breaches can be attributed to the focus on detection and response, rather than on prevention. Incident Response (IR) teams need to be trained to identify the tools used by criminals to sneak into systems and networks.

Large amounts of data leaving workstations and connections between workstations are two possible signs of a breach. Health-care organizations also need to be on the lookout for file transfer applications, custom tunnels, remote desktop connections (RDC) and unauthorized proxies, all of which are red flags indicating a potential breach.
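The signs listed above can be checked mechanically against network flow records. The following is an added example, not part of the original article: the subnets, approved proxy address, port lists and volume threshold are hypothetical assumptions, the flow records are constructed sample data, and custom tunnels are not covered because they cannot be identified from port numbers alone.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this sketch (not from the article): site addressing, the
# approved proxy, the port lists and the volume threshold are all hypothetical.
WORKSTATIONS = ipaddress.ip_network("10.20.0.0/16")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
APPROVED_PROXIES = {"10.1.1.10"}
RDP_PORTS = {3389}
FILE_TRANSFER_PORTS = {20, 21, 22, 69, 873}   # FTP, SSH/SFTP, TFTP, rsync
PROXY_PORTS = {1080, 3128, 8080}
EGRESS_LIMIT_BYTES = 500 * 1024 * 1024        # per workstation, per review window

# Constructed flow records: (source IP, destination IP, destination port, bytes sent)
SAMPLE_FLOWS = [
    ("10.20.3.14", "10.1.1.10", 3128, 40_000_000),    # browsing via approved proxy
    ("10.20.3.14", "10.20.7.9", 3389, 2_500_000),     # workstation-to-workstation RDP
    ("10.20.7.9", "203.0.113.50", 22, 300_000_000),   # SSH/SFTP to an external host
    ("10.20.7.9", "203.0.113.50", 443, 400_000_000),  # pushes total egress past limit
    ("10.20.5.2", "198.51.100.7", 8080, 1_000_000),   # proxy that is not approved
    ("10.20.5.2", "10.1.2.20", 443, 5_000_000),       # internal application server
]

def review_flows(flows):
    """Return a sorted list of (workstation, finding) pairs for the given flows."""
    findings = set()
    egress = defaultdict(int)
    for src, dst, port, sent in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip not in WORKSTATIONS:
            continue                      # only workstation-originated traffic is reviewed
        if dst_ip in WORKSTATIONS:
            findings.add((src, "workstation-to-workstation"))
        if port in RDP_PORTS:
            findings.add((src, "remote-desktop"))
        if port in FILE_TRANSFER_PORTS:   # port-based heuristic, not protocol inspection
            findings.add((src, "file-transfer"))
        if port in PROXY_PORTS and dst not in APPROVED_PROXIES:
            findings.add((src, "unapproved-proxy"))
        if dst_ip not in INTERNAL:
            egress[src] += sent           # accumulate data leaving the organization
    for src, total in egress.items():
        if total > EGRESS_LIMIT_BYTES:
            findings.add((src, "large-egress"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in review_flows(SAMPLE_FLOWS):
        print(f"{host}: {finding}")
```

Each finding is a prompt for an analyst to look closer, not proof of compromise; thresholds and port lists need tuning against what is normal for the network in question.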

3) Act Fast on Detection

Once a breach is detected, the next step is to find out the level of compromise. Data analysis, forensic analysis, data recovery and threat analysis are included in incident response management.

Targeted attacks resulting in loss of medical records and health data will require advanced actions. You will have to identify leaked data, including personally identifiable information (PII) and protected health information (PHI), to determine actions regarding regulatory compliance and breach notification.

A data breach notification list will enable affected health-care organizations to send targeted messages to the victims, alerting them of the theft. Dallas Healthcare Law Lawyers will be able to help you reduce monetary loss and put you in a defensible legal position, as well as help you do the best for customers affected by the breach.


Data breaches are so rampant that it is proving to be difficult for organizations to develop a sound security plan. But with the right security protocols and incident management procedures in place it will be possible for a health-care organization to reduce damages inflicted by data theft, both on itself as well as the hapless victims.
