Study: More than 19 million patient records targeted during online security attacks
The healthcare industry, maybe more than any other sector, can be radically affected by an online security breach. With so many patient records and medical information impacted by an incident, grave consequences can result if proper defenses are not in place.
According to the recent Breach Report 2011 study conducted by IT security assessment provider Redspin, more than 19 million people have been targeted by 385 incidents since August 2009, when the HITECH Act was passed. A major contributor to the increase in events has been the adoption of unencrypted portable devices such as laptops and other media products,
"Information security data breach[es] in healthcare has reached epidemic proportions - the problem is widespread and accelerating," said Redspin president and CEO Daniel Berger. "Incidents have been reported in nearly all 50 states and the total number of records breached increased 97 percent in 2011 as compared to 2010."
The research also revealed that malicious attacks, which include insider incidents, theft and hacks, accounted for 60 percent of breaches studied since 2009. Redspin indicated this is because of the financial gains associated with cyberattacks. For example, criminals can sell personal health records to the black market.
"Without further protective measures, data breaches will continue to increase and could derail the implementation, adoption and usage of electronic health records," Berger added.
Other research has pointed to the dangers of online security breaches among healthcare providers. According to a study of industry experts,[ ]many suggested attacks will become more prevalent if action is not taken.
Ponemon Institute founder and chairman Larry Ponemon said that, since more than 80 percent of patient data is stored on mobile devices, attacks against these products are expected to continue. He also said that nearly 50 percent of providers surveyed said they are not taking proper precautions to protect mobile technology.
IT nonprofit CompTIA conducted a study that painted a grim picture of mobile devices in the healthcare industry. According to its research, CompTIA concluded that providers should have written policies in place to ensure their employees are managing these devices properly to protect from outside threats.
Another danger the healthcare industry is faced with regarding online security is its use of cloud computing. According to the announcement, the technology is expected to outpace regulations in 2012, exposing providers to more breaches.