Story image

Are you accidentally leaking your employees' health information?

15 Jan 16

The theft of health information from non-healthcare organisations has become quite a problem, according to new research from Verizon, who says 18 out of 20 industries examined were affected.

According to the company, most organisations outside of healthcare do not realise they hold medical data, however protected health information can be found across most industries in employee records and wellness programs and are generally not well protected.

“Many organisations are not doing enough to protect this highly sensitive and confidential data,” explains Suzanne Widup, senior analyst and lead author for the Verizon Enterprise Solutions report.

“This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected health information is highly coveted by today’s cybercriminals,” she says.

According to recent studies called out in the report, people are withholding information – sometimes critical information – from their healthcare providers because they are concerned that there could be a data breach, Widup says.

“Healthcare organisations need to realise that patients trust them with their data and if that trust is broken, the implications can be huge,” she says.

According to the report’s findings, medical record data is often taken with malicious intent; however, it is frequently the personable identifiable information (PII), like credit card and social security numbers, that attackers are really after in order to facilitate financial crimes and tax fraud.

Differences are also evident in how the breach occurs, Widup says.  The primary action of attack is theft of lost portable devices (laptop, tablets, thumb drives), followed by error, which can simply be sending a medical report to the wrong recipient or losing a laptop.

Third is misuse that can result from an employee that abuses his/her access to the information. These three actions make up 86% of all breaches of PHI data, Widup explains.

“In addition, the time to discovery most frequently falls into the months and sometimes years category,” she says.

“For those incidents taking years to discover, they were three times more likely to be caused by an insider abusing their LAN access privileges and twice as likely to be targeting a server, particularly a database.”

“While detailed health records make it easier for criminals to engage in both identity theft and medical billing fraud, the media and industry researchers continue to shine a light on the loss of highly personal data in order to bring much needed attention to this issue,” Widup says.

According to the study, nearly half of the population of the United States has been impacted by breaches of PHI since 2009. Furthermore, the FBI issued a warning to healthcare providers in early 2015 stating that the healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.

“To help address this issue, Verizon offers insights and recommendations in the report on how to best protect data in addition to illuminating the fact that PHI data is contained in many more places than organizations realise,” Widup explains.

Dimension Data nabs three Cisco partner awards
Cisco announced the awards, including APJ Partner of the Year, at a global awards reception during its annual partner conference.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Rimini Street hits NZ shores with new subsidiary
The third-party support provider for Oracle and SAP has opened a new Auckland-based office and appointed Sean Jones as NZ senior account executive.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.