Surge in HIPAA Data Breaches likely in 2014

The credit bureau Experian has released a new report predicting that 2014 will see a surge in data breaches. The report also foresees that the healthcare industry will be the most targeted.

The report says that the reason healthcare is so attractive to hackers is the sheer size of the industry. There is what the report labels an “expanded attack surface for breaches,” due to new EHRs and Health Insurance Exchanges (HIEs), while the worth and volume of the data held make healthcare providers attractive targets for hackers.

Experian provides credit monitoring services, but also helps clients to recover from data breaches. The company indicated that almost half of the data breaches it dealt with last year were from the healthcare industry.

The report gives a number of reasons why data breaches are expected to increase. It indicates that the rise is mainly due to the huge organizational infrastructure changes needed under the Affordable Care Act, HIPAA, HITECH and other legislation, together with general unpreparedness, the massive number of people who have access to data, and a general tightening of the rules surrounding data access.

However, many data breaches are caused accidentally. Doctors now have to become more involved in the document management process, and they are not ideally equipped for that or prepared to take on the responsibility. Unfortunately, laptop theft and the loss of other devices are proving to be a major issue.

Although many organizations are concerned with avoiding highly sophisticated attacks using malware, viruses and complex phishing, it is the low-tech data breaches that really must be focused on.

Purchasing a firewall is very important, but some people then fail to turn it on. Anti-virus software is installed, yet not set to install updates automatically. Anti-malware software is not activated, and rooms storing IT equipment such as network servers are left unlocked and with no active alarm. These are issues which must be tackled immediately to prevent data breaches.

The report indicated that, out of the 2,200 violations, three in the top ten were caused by human error and careless security practices. Default logins and passwords that are never changed, or passwords that are disclosed, can and do lead to data breaches.

The report placed the value of healthcare data at an estimated $12 a record, but some data is more valuable, and if healthcare data is taken into account, records can sell for more than $50, because healthcare data enables criminals to commit insurance and medical fraud.

Given the high likelihood of suffering a data breach, it is essential that organizations prepare and have an active breach response plan. It is highly probable that it will need to be put to use.