In-brief: The new year won’t bring relief for the healthcare industry, which faces a range of new, sophisticated attacks seeking paydays and access to electronic health records, a new survey by Experian finds.
We know that 2015 was the year of the healthcare breach. So was 2016. And now it looks like 2017 might be the year of the healthcare breach, also!
(Editor’s note: this article first appeared on Digital Guardian’s Data Insider Blog. You can read the full post here.)
That, according to a report released this week by Experian, the credit rating agency and identity protection firm.* The healthcare sector will continue to be “a focal point for hackers,” Experian said on Monday, noting that healthcare organizations will face threats from medical identity thieves as well as criminals running ransomware scams.
The healthcare sector, including insurance firms, hospitals and doctors’ offices, has long been a prime target for cyber criminals and even nation-state actors. The breach of systems operated by Anthem Healthcare in 2015 was attributed to attackers based in China. Attacks on healthcare organizations by sophisticated actors have been ongoing for years. In 2014, an investigation of a hack at the hospital chain Community Health Systems also pointed to hackers operating out of China.
Attackers’ focus on healthcare firms makes sense. The Affordable Care Act created massive new incentives for hospitals and doctor’s offices to migrate from paper record keeping to so-called “electronic medical records” or EMR and to join larger networks of providers, known as “Accountable Care Organizations” or ACOs, that can coordinate patient care. That has tended to consolidate data from scores or even hundreds of providers onto common and (often) web based EMR systems. A 2014 report from The Ponemon Institute found that 69 percent of organizations surveyed believed the ACA increases the risk to patient privacy and security.
Experian cites many reasons for this…
You can read the rest of the article here: 2017 Will Be the Year of the Healthcare Breach (Again) | Digital Guardian
(*) Correction: an earlier version of this story incorrectly stated that the report was compiled in conjunction with The Ponemon Institute. It was not. PFR 12/5/2016