Assessments: Building a roadmap to healthcare security
Due in large part to a recent wave of ransomware attacks, concerns have been mounting lately over cybersecurity vulnerabilities in healthcare organizations. Rightfully so, as a study by the Ponemon Institute last year revealed that criminal attacks in healthcare have swollen 125 percent since 2010. Threats have become so severe that this spring United States Computer Emergency Readiness Team (US-CERT) issued an alert highlighting the risks posed by ransomware. Understandably, recent assaults on hospitals have many in the C-suite wringing their hands as anxieties over the safety of their patients’ data have left them scrambling to identify and secure potential liabilities within their organizations.
The increase in attacks can largely be attributed to the increasing value of healthcare data on the black market. A recent Brookings Institution study found that the per-record cost for healthcare data breaches is higher today than in any other industry at $363 per record. There is good reason for this high price tag. Unlike credit card data, which has a shelf life and can quickly be rendered useless by financial organizations when it is stolen or fraud is detected, healthcare information is not so easily erased and often remains available on the black market for life. Once cybercriminals have the data, they can make fraudulent claims on behalf of their victims and gain access to everything from prescriptions to medical devices, which they can then continue to resell on the black market. Add in a victim’s social security number or other personally identifiable information, and it becomes clear why susceptible healthcare institutions have become goldmines for criminals for both healthcare fraud and financial fraud.