Some saw it coming, others thought it wouldn’t be a problem for years. Now, though, a new report shows that half of all cyber security breaches this year were made in the health care sector. That means it’s growing faster than the infamous 2012 bank breaches that kept millions of Americans frustrated for months. Those denial of service attacks, or DDOS, significantly slowed down various financial transactions, but security breaches in health care are a different animal. Worse, experts say it’s already here.
A decade ago, most people, and in fact, most medical professionals, doubted the possibility of our health profiles ever being maintained solely online. The federal government dismissed concerns of massive identity theft efforts, with many insisting security breaches in health care was something that technological minds would prevent. While the health care sector was slower to transition, hackers have most certainly not only caught up, but they now far surpass those looking to breach the global financial sector.
The biggest reason for this massive technological driven growth is due to the passage of the 2009 Health Information Technology for Economic and Clinical Health Act. Most hospitals and doctors found themselves abandoning traditional paperwork that’s maintained onsite and have moved to the cloud. They’ve done this in less than three years, too. The incentive? More than $24 billion in federal incentive money was the guiding factor.
Unfortunately, the growing fraud problems have yet to affect the same elected leaders who passed the Act.
Worse, no one can exactly quantify the immediate and long term affects if a hacker managed to pull off an attack similar to the massive Target credit card and identity theft last year. Robert Wah, who is the president of the American Medical Association and chief medical officer at the health technology firm CSC, believes not only are those responsible for protecting our health information “behind the race”, but he also insists the thieves are increasingly sophisticated in their efforts.
He’s not alone. One security information expert, Ernie Hood, of The Advisory Board Co., said “Frankly, health care organizations are struggling to keep up with this.” One need only look at recent events. Earlier this year, the St. Joseph Health System had been infiltrated for more than three days before anyone caught on. More than 400,000 identities, including Medicaid, Medicare, social security numbers, dates of birth and other identifiable information was stolen. It is the third largest data breach in the U.S.
So if hackers can breach banks and credit card companies in order to steal money, why would they want to breach healthcare records? The answer is simple: they’re choosing these avenues in order to gain access to drugs, which is significantly higher in value on the street. Once access is gained to Medicaid numbers, addresses, doctor’s licensing numbers, a patient’s age and sex, that information can be used as a way to create a drug pipeline. This jeopardizes far more than a security team’s efforts; the taxpayer will surely shoulder the costs of backtracking and plugging the same vulnerabilities that should have been addressed when the billions of federal dollars were flowing. The worst reality, however, is the fact that it could jeopardize millions of Americans and their efforts of quality healthcare.