A recent research report on data breaches in healthcare indicates that the hack of Anthem could end up costing more than a billion.
Redspin Inc., a Carpinteria, Calif.-based health IT security consultant, released its annual breach report this week, highlighting the rising tide of incidents in the healthcare industry. The firm reports that 2014 saw 164 incidents of breaches of protected health information reported to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR), a 25 percent increase from 2013. The report shows that more than half of the breaches were the result of hacking, including the notable incident at Community Health System that affected 4.5 million patients.
The number doesn't include Anthem, which Redspin calls a landmark incident for health data security. "From here on, all [protected health information] breach statistics are going have to be reported as 'pre- or post-Anthem,'" says Daniel W. Berger, President and CEO of Redspin. "It's that big. We wouldn't be surprised to see the costs of the Anthem breach exceed a billion dollars."
Hackers are increasingly targeting health systems and insurers because the value that PHI holds on the black market, says Berger. Because of the sheer volume of health data that these organizations possess, he noted that it was only a matter of time before these hacks started becoming commonplace.
Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.
While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.
A phishing scam at Baystate Health in Springfield, Mass. has potentially exposed the personal data of 13,000 patients, according to a privacy statement from the patient care organization and a report from MassLive.
In an update, DirectTrust reported significant growth in Direct exchange of health information and the number of trusted Direct addressed enabled to share personal health information (PHI) in the third quarter of 2016.
Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.