Did you know that by March of this year (2015) over 11 million people's personal health information had been breached?
Considering this alarming statistic, it should come as no surprise that network security and the protection of patients' personal data are becoming some of the biggest concerns for health care providers.
Hackers are now turning their attention towards PHI or personal health information.
PHI is 10 times more valuable than credit card data but 100 times easier to get, meaning more and more cyber security attacks are targeting the health care industry.
With vital information such as name, age, gender, address, social security number, diagnosis codes, insurance information and personal medical history, PHI can fetch up to hundreds of thousands of dollars.
Unlike credit card data, which has a shorter shelf life, PHI can be used to create fake IDs, buy drugs or even apply for fraudulent insurance claims.
To help you get familiar with personal health information and how critical it is that you have a strategy to keep it safe, we've put together a simple breakdown of why you need to secure your patients' data now.
In terms of cyber crime, PHI fetches 10 times more than stolen credit cards. This is due to several reasons:
- Personal health information is permanent and cannot be changed, while credit cards can be canceled and replaced.
- PHI can be used for high value purchases or transactions, such as fraudulent insurance claims or buying medical equipment and drugs. Credit card data is good for retail purchases only.
The Low Hanging Fruit
In a hacker’s mind, the best thing about PHI, apart from its high value, is how easy it is to get. Health care providers want this information kept private but also want it to be easily available when the patient needs it.
This tends to leave security of this data as the proverbial afterthought.
Here are the reasons why PHI is harder to secure:
- Digitized information is all stored on hospital Wi-Fi networks, making all of it available for the taking once hacked.
- There's a lot to take, with millions of people covered by health insurance.
- It’s designed to be easily accessible, especially in cases of emergencies.
- It is meant to be shared. For example, the “Meaningful Use” rule requires PHI to be shared with other providers.
PHI is increasingly becoming the new target and the numbers are growing significantly year after year. Here's what the stats show:
- The health care sector had the most reported breaches for three years in a row, with 42.5% of all network security breaches coming from the health care industry in 2014, according to the Identity Theft Resource Center.
- The PHI of around 120 million Americans has been compromised since the Breach Notification Rule took effect as part of the federal Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.
- 4.5 million records were compromised from April to June 2014, according to Community Health Systems.
The Problem & Solution
Even though health care providers are fully aware of the PHI risks, hospital network security still ranks near the bottom when compared to other industries that also deal with sensitive information.
Network security continually takes a back seat, especially when dealing with questions like, “should we spend our budget on better data security solutions or should we buy that new MRI that will bring in more patients?”
Income-generating projects get prioritized much higher than network or data security issues, which are usually the last thing hospitals want to deal with.
However, this mentality has to change. You should think of PHI as an asset and include it in your overall risk management process.
Health care is established for patient safety, and data security is a big part of that.
In that spirit, you need to maintain your wireless networks, establish better access management, prioritize security risk assessment, and work on your remediation plan.
Ultimately, when you secure patients’ information you also pave the way for better patient care.
At SecurEdge we've been helping health care institutions of all sizes and types to deliver robust, secure wireless technology solutions for their staff and patients. If you have any questions about analyzing and designing your wireless network, simply contact us; we’d be glad to help.