Author: Chris Bowen
Chief Privacy and Security Officer and Founder, CISSP, CIPP/US, CIPT
In 2016, the cyber security world experienced a multitude of data breaches, exposing more than 4 billion records. In addition, record numbers of DDoS attacks, vulnerability disclosures, ransomware, and spam were reported. And, unfortunately, the healthcare industry was a major target. According to the ITRC Data Breach Report 2016:
- Healthcare exposed the most SSNs compared to all other industries (business, education, financial, and government)
- The most records exposed by employee error or negligence were in the healthcare sector
- The healthcare industry was hit hardest by hacking, skimming and phishing attacks
Patients are now choosing healthcare providers who focus on protecting their information
The significant increase in the use of electronic medical records (EMRs) and other healthcare technology has created a wealth of electronic information that is increasingly being targeted by cyber attackers. And now that we are living in a BYOD world, breaches are becoming more and more common (according to a study published by Crowd Research Partners, one in five companies has suffered a data breach involving mobile devices).
Accenture analysis predicts that more than 25 million people—or approximately one in 13 patients—will have their medical and/or personal information stolen from their healthcare provider’s digitized records between 2015 and 2019. In many cases, patients are now choosing to leave the healthcare providers that have failed to protect their data, costing those providers significant revenue.
According to Accenture, “25 percent of patients impacted by healthcare provider data breaches between 2015 and 2019—more than 6 million people—will subsequently become victims of medical identity theft. Sixteen percent of impacted patients—more than 4 million people—will be victimized and pay out-of-pocket costs totaling almost $56 billion over the next five years”.
The research also finds that “almost half of patients said they would find a different provider if they were informed that their medical records were stolen”. Considering the estimated economic value of a patient, that could cost providers in excess of $305 billion in cumulative lifetime patient revenue over the next five years! Those numbers are daunting, and just prove how critical compliance and security are to the healthcare world.