In the past decade, we've witnessed amazing advancements in medicine. Our lives are being not only enhanced but extended as new treatments, medications, and technologies come to market every month. Still, it's not just medical abilities that are rapidly improving; it's also the technology that drives the management and delivery of healthcare. This includes everything from the technology now behind a simple visit to the doctor’s office, new healthcare devices, and monitoring technologies, to the electronic sharing of patient medical information among far-flung doctors and specialists.
Last year the electronic health record (EHR) market hit $31.5 billion, and it’s expected to reach about $40 billion by 2022. Still, the digitization and sharing of EHRs isn't the only form of innovation we see with the digitalization of healthcare.
We also see data analytics, AI, and machine learning change how diseases are diagnosed and how medicines are created and prescribed. New always-connected devices that capture a patient's current state of health and report it back to their primary doctor and specialists are also transforming healthcare.
Healthcare IT: the new frontline for fraud
While the digitization of EHRs has no doubt advanced the sharing of records among doctors and specialists, and is hopefully improving care for patients as a result, all of this innovation and electronic data sharing has also increased the risk of health information being targeted in attacks for theft and medical identity fraud. Not convinced? It's true for several reasons. First, increased electronic availability means an increased ability to attack health data. The street value of patient data is consistently priced at many multiples higher than financial data and many other types of consumer data traded among thieves.
Some of this explains why organizations in the healthcare sector are also more likely to suffer data theft than an average organization, and by several recent estimates, anywhere from half to 80 percent of all healthcare organizations have been breached.
With the rise in the adoption of EHRs, the increased data sharing, and the increasing amount of data flowing from IoT-connected devices to healthcare databases, information security has become more essential than ever for the healthcare industry. It matters not just as a way to maintain compliance with healthcare regulations and to protect patient health and financial data, but also as a way to securely embrace all of the healthcare innovation underway, innovation that is designed to reduce costs and improve patient wellness.
Unfortunately, many organizations still have much work to do to get their security controls and readiness to where they need to be.
Paradoxically, healthcare-related data breaches are commonplace, and yet healthcare executives remain confident in the current state of their information security efforts. In recent years, healthcare data breaches have risen considerably. Go back a handful of years to early 2015, for example, when health insurance provider Anthem announced that a breach there exposed nearly 80 million patient records. Other healthcare breaches that year included CareFirst BlueCross BlueShield, UCLA Health Systems, Excellus Blue Cross Blue Shield, and Premera Blue Cross, among others.
Fast-forward to 2018 and massive breaches keep coming, such as Accudoc Solutions with 2.65 million health patient records exposed, UnityPoint Health with 1.4 million records, CNO Financial Group with another 566,000, and the list goes on. Now let’s take a look at 2015 again: the Breach Level Index, which tracks publicly disclosed data breaches, identified the healthcare industry as the chart-topper for data breaches in 2015. According to that website, 34.41% of all records breached that year were in healthcare. The loss of government records came in second with 21.95% of all data breaches tallied. The story didn't get much better by 2018, with the same Breach Level report finding that for the first half of last year (the most recent index available) healthcare accounted for 27 percent of all breach incidents, at 256 events. The next closest major industry was financial, at 14 percent and 134 incidents.
Moreover, while the costs of data breaches will vary significantly by industry, the healthcare industry gets hit with a price tag much larger than the average. According to the 2015 Ponemon Institute Cost of a Data Breach Study, the average cost per stolen record is $154 across all industries hit, but that cost rises to $363 per record for the healthcare industry. The 2018 Ponemon Institute analysis showed the cost of a breached healthcare record rose to $408.
In an upcoming post, we’ll take a look at a number of steps organizations can take to turn this situation around.