The Serious Side Effects of an Emerging Trend: Data Breaches and the Healthcare Industry

Bethany Taylor
58
84
21

As everyone is unfortunately aware, there are things in life that seem grotesquely unfair. In terms of the healthcare industry, routinely getting targeted by hackers using data breaches to mine and sell sensitive information is plain unfair. The words grotesquely unfair come into play soon after, when the organizations that were attacked are slapped with class action lawsuits on behalf of the consumers or patients whose data was affected. Meanwhile the attackers themselves, even in the rare event they’re even caught, don’t have to cough up a dime.

  ‚ÄčThe key for the healthcare industry lies in proactive and preventative data security 

The outlook isn’t going to improve for healthcare organizations anytime soon. In fact, according to the latest trend research and forecasting, it’s only getting worse. Without proper preventative security measures, healthcare organizations are going to continue to be victimized by hackers, as well as by lawyers, not to mention the media.

Unto the Breach

As anyone with a credit card and a history of purchases at Target or Home Depot knows, massive data breaches are nothing new. What’s changed is who’s being targeted and subsequently paying up after litigation.

According to the annual Data Breach Litigation Report, in 2015 a full 73 percent of class action litigation cases dealing with data breaches were launched in regards to stolen credit card data. Hardly surprising after the headline grabbing data thefts at Target and Home Depot in 2013 and 2014, respectively, that affected over 125 million consumers.

But if the attorneys working for credit card and retail companies were buying beachfront property in anticipation of even more billable hours the following year, they were in for a rude awakening. According to the 2016 Data Breach Litigation Report, class action lawsuits filed in response to credit card data breaches fell a stunning 50 percent from the year prior, accounting for just 23 percent of data breach class action lawsuits.

There’s a simple reason for this drop-off. When the credit card industry watched their products become embroiled in first breaches then lawsuits, it responded. Rapid fraud discovery capabilities newly employed by credit card companies worked in conjunction with the Electronic Fund Transfer Act and Fair Credit Billing Act to strip away the value of stolen credit card numbers on the black market.

But don’t go fretting about attorneys. Always a resilient bunch, hackers found new data to monetize, and data breaches in the healthcare industry have filled the litigation void handily.

Diagnosis: Monetized Medical Records

From 2015 to 2016, class action filings in the medical industry surged 33 percent. The total percentage of class action filings over the theft of sensitive data reached 57 percent. This following a 2015 in which Anthem, the second biggest health insurer in the United States, saw the records of 70-80 million subscribers compromised in a high-profile breach that highlighted the vulnerability of the healthcare industry.

As of 2016, the Data Breach Industry Forecast estimates that on the black market, medical records are worth ten times more than stolen credit card numbers.

It isn’t just the black market where medical records are worth more than credit card numbers. According to the 2016 Cost of Data Breach Study undertaken by Ponemon Research, the average cost to the compromised organization per record breached in the retail industry is $172. The cost per record breached in the healthcare industry is more than double that, ringing in at $355.

According to the same study, the average cost of a data breach now tops four million dollars. The Anthem breach, however, had already cost the organization in excess of 100 million dollars by May of 2016.

The Questionable Value of Devaluing

It’s unlikely that healthcare organizations will be able to devalue medical records the way credit card companies have stripped the value out of stolen credit card numbers. While rapid fraud detection can decline illicit purchases and prevent the misuse of credit card information, without a culprit being immediately caught and stopped, there’s essentially nothing a healthcare organization can do once sensitive data has been stolen. The information is out there.

The key for the healthcare industry lies in proactive and preventative data security, using the kind of data security technologies provided by leading cyber security firm Imperva, including corrected attack validation, dynamic profiling, transparent inspection and universal user tracking, generally on premises in order to abide by stringent healthcare industry regulations.

Preventing Unfairness all around

As unfair as it may seem to be victimized by a hacker and then made to pay up millions of dollars in the court room while the hacker likely gets off scot-free, it’s also supremely unfair to be a consumer who trusts his or her most private information to a healthcare organization and then finds out that information went up for auction on the black market. Especially when the data breach could have been prevented by proactive security measures. With the right solutions, data breaches and trust breaches can both be avoided.

Read Also

Unleashing the Power of Cloud in Healthcare

Joseph Rostock, CTO, Inovalon

The Coming Era of High Performance Medicine

Jason Burke, System VP, Enterprise Analytics & Data Sciences, UNC Health Care