The recent ransomware attack on UnitedHealth’s Change Healthcare subsidiary reminds us of the importance of cyber security for the U.S. healthcare industry. While the attack highlighted the potential risks associated with storing sensitive data, it also presents an opportunity to improve security measures and protect patients and healthcare professionals.
As cyber criminals’ methods become more advanced, it’s crucial that vulnerable sectors, such as healthcare, remain vigilant and invest in robust cyber security solutions.
In addition to disrupting payments to doctors, healthcare facilities, and pharmacies nationwide, the attack potentially compromised the protected health information (PHI) of 30 million patients.
The compromised PHI included names, addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver’s license numbers, government-issued ID numbers, dental benefit information, and health insurance information.
This is just one example of a recent PHI theft case from a health organization.
Why are cybercriminals so bent on stealing our private healthcare information?
- In 2021, data breaches of healthcare organizations exposed the private data of 50M Americans.
- 95% of identity theft happens because of stolen healthcare records.
- 89% of healthcare organizations reported an average of 43 cyber attacks annually.
The statistics presented above emphasize the crucial role of cyber security in healthcare organizations. Healthcare organizations must take the necessary actions to safeguard PHI from cyber attacks. These actions include implementing robust security measures, educating employees about cyber security best practices, and having a well-defined plan to respond to data breaches.
Cyber criminals often target healthcare due to the high value of private health information. On the Dark Web, these records are sold in bulk and can fetch thousands of dollars.
- The healthcare industry is the most targeted industry for cyber attacks. In 2021, there was an 84% increase in healthcare data breaches from 2018.
- The average cost of a data breach in the healthcare industry is $9.3 million. This is higher than the average data breach cost in any other industry. (Change Healthcare is at $22 million and counting.)
- PHI is the most valuable type of data on the black market. A single PHI record can be sold for up to $1,000.
- Phishing attacks are the most common type of cyber attack against healthcare organizations. These attacks use emails or text messages designed to deceive people into revealing sensitive information, such as passwords or credit card numbers.
- Ransomware attacks pose a significant threat to healthcare organizations. In such an attack, cybercriminals encrypt data and demand a ransom payment for the decryption key.
The good news for patients is that your health data is some of the most highly regulated, confidential information.
How Your PHI Is Protected
As healthcare becomes increasingly digitized, it is more important than ever for healthcare organizations to take steps to protect patient data.
Don’t be afraid to ask your providers if they…
- use strong cyber-defense systems as recommended by modern IT experts. These might include firewalls, automated intrusion detection, and anti-malware software.
- educate their workers about cybersecurity best practices, such as identifying and avoiding phishing attacks.
- regularly back up data and store it in a secure location.
- have a strong incident response plan.
Does all of this sound familiar? Even though healthcare organizations handle a distinct type of confidential data, they still adhere to many of the same safety procedures that any organization must implement when managing personally identifiable information (PII).
Commonwealth Sentinel offers a comprehensive suite of cyber security services to safeguard your organization from digital threats. To schedule a free consultation, contact us at (502) 320-9885.