CIOREVIEW >> Healthcare >>

The Serious Side Effects of an Emerging Trend: Data Breaches and the Healthcare Industry

Bethany Taylor

As everyone is unfortunately aware, there are things in life that seem grotesquely unfair. In terms of the healthcare industry, routinely getting targeted by hackers using data breaches to mine and sell sensitive information is plain unfair. The words grotesquely unfair come into play soon after, when the organizations that were attacked are slapped with class action lawsuits on behalf of the consumers or patients whose data was affected. Meanwhile the attackers themselves, even in the rare event they’re even caught, don’t have to cough up a dime.

  ​The key for the healthcare industry lies in proactive and preventative data security 

The outlook isn’t going to improve for healthcare organizations anytime soon. In fact, according to the latest trend research and forecasting, it’s only getting worse. Without proper preventative security measures, healthcare organizations are going to continue to be victimized by hackers, as well as by lawyers, not to mention the media.

Unto the Breach

As anyone with a credit card and a history of purchases at Target or Home Depot knows, massive data breaches are nothing new. What’s changed is who’s being targeted and subsequently paying up after litigation.

According to the annual Data Breach Litigation Report, in 2015 a full 73 percent of class action litigation cases dealing with data breaches were launched in regards to stolen credit card data. Hardly surprising after the headline grabbing data thefts at Target and Home Depot in 2013 and 2014, respectively, that affected over 125 million consumers.

But if the attorneys working for credit card and retail companies were buying beachfront property in anticipation of even more billable hours the following year, they were in for a rude awakening. According to the 2016 Data Breach Litigation Report, class action lawsuits filed in response to credit card data breaches fell a stunning 50 percent from the year prior, accounting for just 23 percent of data breach class action lawsuits.

There’s a simple reason for this drop-off. When the credit card industry watched their products become embroiled in first breaches then lawsuits, it responded. Rapid fraud discovery capabilities newly employed by credit card companies worked in conjunction with the Electronic Fund Transfer Act and Fair Credit Billing Act to strip away the value of stolen credit card numbers on the black market.

But don’t go fretting about attorneys. Always a resilient bunch, hackers found new data to monetize, and data breaches in the healthcare industry have filled the litigation void handily.

Diagnosis: Monetized Medical Records

From 2015 to 2016, class action filings in the medical industry surged 33 percent. The total percentage of class action filings over the theft of sensitive data reached 57 percent. This following a 2015 in which Anthem, the second biggest health insurer in the United States, saw the records of 70-80 million subscribers compromised in a high-profile breach that highlighted the vulnerability of the healthcare industry.

As of 2016, the Data Breach Industry Forecast estimates that on the black market, medical records are worth ten times more than stolen credit card numbers.

It isn’t just the black market where medical records are worth more than credit card numbers. According to the 2016 Cost of Data Breach Study undertaken by Ponemon Research, the average cost to the compromised organization per record breached in the retail industry is $172. The cost per record breached in the healthcare industry is more than double that, ringing in at $355.

According to the same study, the average cost of a data breach now tops four million dollars. The Anthem breach, however, had already cost the organization in excess of 100 million dollars by May of 2016.

The Questionable Value of Devaluing

It’s unlikely that healthcare organizations will be able to devalue medical records the way credit card companies have stripped the value out of stolen credit card numbers. While rapid fraud detection can decline illicit purchases and prevent the misuse of credit card information, without a culprit being immediately caught and stopped, there’s essentially nothing a healthcare organization can do once sensitive data has been stolen. The information is out there.

The key for the healthcare industry lies in proactive and preventative data security, using the kind of data security technologies provided by leading cyber security firm Imperva, including corrected attack validation, dynamic profiling, transparent inspection and universal user tracking, generally on premises in order to abide by stringent healthcare industry regulations.

Preventing Unfairness all around

As unfair as it may seem to be victimized by a hacker and then made to pay up millions of dollars in the court room while the hacker likely gets off scot-free, it’s also supremely unfair to be a consumer who trusts his or her most private information to a healthcare organization and then finds out that information went up for auction on the black market. Especially when the data breach could have been prevented by proactive security measures. With the right solutions, data breaches and trust breaches can both be avoided.

Check this out: Top Fraud And Breach Protection Companies

Read Also

Balancing Innovation and Standardization

Balancing Innovation and Standardization

Matt Kuhn, PhD, Chief Technology Officer, Innovative Technology Services, Thompson School District
Leveraging Quality Engineering and DevOps to thrive in the face of churning customer expectations

Leveraging Quality Engineering and DevOps to thrive in the face of...

Michelle DeCarlo, senior vice president, enterprise delivery practices, Lincoln Financial Group
Pioneering the Future Through Technology Innovation

Pioneering the Future Through Technology Innovation

Eric Kunnen, Senior Director, IT Innovation and Research, Information Technology, Grand Valley State University
Reimagine Naval Power

Reimagine Naval Power

Lorin Selby, Chief of Naval Research, Office of Naval Research
The Shifting Enterprise Operating System Ecosystem Is Helping Warehouse Operations Evolve

The Shifting Enterprise Operating System Ecosystem Is Helping...

Tom Lee, Director Sales Engineering, Zebra Technologies
Digital TRANSFORMATION: Challenge the Status Quo, Be Disruptive.

Digital TRANSFORMATION: Challenge the Status Quo, Be Disruptive.

Michael Shanno, Head of Digital Transformation, Global Quality, Sanofi