Story image

Are you accidentally leaking your employees' health information?

15 Jan 16

The theft of health information from non-healthcare organisations has become quite a problem, according to new research from Verizon, who says 18 out of 20 industries examined were affected.

According to the company, most organisations outside of healthcare do not realise they hold medical data, however protected health information can be found across most industries in employee records and wellness programs and are generally not well protected.

“Many organisations are not doing enough to protect this highly sensitive and confidential data,” explains Suzanne Widup, senior analyst and lead author for the Verizon Enterprise Solutions report.

“This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organisations and individuals. Protected health information is highly coveted by today’s cybercriminals,” she says.

According to recent studies called out in the report, people are withholding information – sometimes critical information – from their healthcare providers because they are concerned that there could be a data breach, Widup says.

“Healthcare organisations need to realise that patients trust them with their data and if that trust is broken, the implications can be huge,” she says.

According to the report’s findings, medical record data is often taken with malicious intent; however, it is frequently the personable identifiable information (PII), like credit card and social security numbers, that attackers are really after in order to facilitate financial crimes and tax fraud.

Differences are also evident in how the breach occurs, Widup says.  The primary action of attack is theft of lost portable devices (laptop, tablets, thumb drives), followed by error, which can simply be sending a medical report to the wrong recipient or losing a laptop.

Third is misuse that can result from an employee that abuses his/her access to the information. These three actions make up 86% of all breaches of PHI data, Widup explains.

“In addition, the time to discovery most frequently falls into the months and sometimes years category,” she says.

“For those incidents taking years to discover, they were three times more likely to be caused by an insider abusing their LAN access privileges and twice as likely to be targeting a server, particularly a database.”

“While detailed health records make it easier for criminals to engage in both identity theft and medical billing fraud, the media and industry researchers continue to shine a light on the loss of highly personal data in order to bring much needed attention to this issue,” Widup says.

According to the study, nearly half of the population of the United States has been impacted by breaches of PHI since 2009. Furthermore, the FBI issued a warning to healthcare providers in early 2015 stating that the healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.

“To help address this issue, Verizon offers insights and recommendations in the report on how to best protect data in addition to illuminating the fact that PHI data is contained in many more places than organizations realise,” Widup explains.

NZ’s $3.45bil IT services market fueled by competitive advantage
"With regards to cloud adoption, organisations are prioritising innovation and security over cost and scalability.”
The secret to scaling DevOps in the digital era
"Organisations around the world have learnt at a cost that while agile DevOps methodologies can result in improved outcomes within teams and projects, they have a propensity to fail miserably."
APAC FinTech network launches to encourage cross-border innovation
Nine associations formally launched the network by signing a Statement of Intent at the Asian Financial Forum event in Hong Kong.
Avaya expands AI offerings with new partnerships
The additions to the ecosystem will enable Avaya to add prioritisation and natural language processing to its UC solutions.
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.