Story image

Are you accidentally leaking your employees' health information?

15 Jan 2016

The theft of health information from non-healthcare organisations has become quite a problem, according to new research from Verizon, who says 18 out of 20 industries examined were affected.

According to the company, most organisations outside of healthcare do not realise they hold medical data, however protected health information can be found across most industries in employee records and wellness programs and are generally not well protected.

“Many organisations are not doing enough to protect this highly sensitive and confidential data,” explains Suzanne Widup, senior analyst and lead author for the Verizon Enterprise Solutions report.

“This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected health information is highly coveted by today’s cybercriminals,” she says.

According to recent studies called out in the report, people are withholding information – sometimes critical information – from their healthcare providers because they are concerned that there could be a data breach, Widup says.

“Healthcare organisations need to realise that patients trust them with their data and if that trust is broken, the implications can be huge,” she says.

According to the report’s findings, medical record data is often taken with malicious intent; however, it is frequently the personable identifiable information (PII), like credit card and social security numbers, that attackers are really after in order to facilitate financial crimes and tax fraud.

Differences are also evident in how the breach occurs, Widup says.  The primary action of attack is theft of lost portable devices (laptop, tablets, thumb drives), followed by error, which can simply be sending a medical report to the wrong recipient or losing a laptop.

Third is misuse that can result from an employee that abuses his/her access to the information. These three actions make up 86% of all breaches of PHI data, Widup explains.

“In addition, the time to discovery most frequently falls into the months and sometimes years category,” she says.

“For those incidents taking years to discover, they were three times more likely to be caused by an insider abusing their LAN access privileges and twice as likely to be targeting a server, particularly a database.”

“While detailed health records make it easier for criminals to engage in both identity theft and medical billing fraud, the media and industry researchers continue to shine a light on the loss of highly personal data in order to bring much needed attention to this issue,” Widup says.

According to the study, nearly half of the population of the United States has been impacted by breaches of PHI since 2009. Furthermore, the FBI issued a warning to healthcare providers in early 2015 stating that the healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.

“To help address this issue, Verizon offers insights and recommendations in the report on how to best protect data in addition to illuminating the fact that PHI data is contained in many more places than organizations realise,” Widup explains.

Yamaha unveils simplified UC deployments
"In this fast-paced world, meeting participants need to be able to feel comfortable and hear those on the far end clearly to brainstorm new ideas and accomplish goals."
French cloud giant sets up shop in two APAC data centres
OVH Infrastructure has expanded its public cloud services in the Asia Pacific (APAC) market operating from two data centres within the region.
Jobs of the future: Will humans outmatch AI co-workers
"Regardless of how the workforce changes, automation, data and algorithms will complement rather than replace human employees."
How IBM’s acquisition of Red Hat could impact your business
The acquisition is pending regulatory approval, but IBM expects the deal to close in the second half of 2019. 
SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Google doubles down on hybrid cloud strategy
CSP is a platform that aims to simplify building, running, and managing services both on-premise and in the cloud.
Why NSP adoption of ECX Fabric is on the rise
ECX Fabric aims to enable networks to streamline their access to the world’s largest cloud providers.
Cloud data warehouse trends and best practices
"TDWI sees a wide range of data-driven IT systems moving to the cloud aggressively, and this includes the data warehouse."