Hackers generally go after healthcare information they can use in identity theft and other fraud schemes, that data increasingly is prized for numerous commercial ventures–even marketing, according to an article published by The Information Daily.
“Data attacks are increasingly being carried out to gain access to information, which can then be used–and re-used again and again–sometimes even for marketing purposes,” David Gibson, vice president of data governance specialist Varonis Systems, tells Information Daily. His company calls healthcare data the “new oil”
The information can be partially and wholly replicated numerous times without the original owner’s knowledge–and the new owner might be unaware of the content’s origins, according to the article.
Indeed, 94 percent of healthcare organizations had at least one breach in the past two years, according to an infographic posted to backgroundcheck.org.
The infographic notes that 21 million patients were the victims of a healthcare data breach during three years covered in a 2012 report from the U.S. Department of Health & Human Services Office for Civil Rights (OCR). An analysis of those breaches, however, revealed a decline in large-scale breaches and that 57 percent of them were linked to business associates, according to IT security audit firm Redspin. Not so coincidentally, the new HIPAA regulations cover business associates.
However, OCR head Leon Rodriguez recently pointed out that his agency found it could hack into hospital EHRs simply by sitting in the parking lot using a laptop.
Varonis’ research, meanwhile, finds that nearly three-quarters of employees say they are allowed access company data from their personal devices. And 57 percent of employees believe that using a personal device for work could pose a security risk to them personally through potential leakage and misuse of confidential data.
Yet two-thirds of healthcare organizations lack a written mobile strategy, according to a poll of nearly 300 healthcare organizations by Amcom Software. A scary fact from that survey: 37 percent of the respondents said they had no plans to implement such a strategy in their organizations.