
Healthcare Industry Will Remain a Top Target for Data Breaches in 2016

December 18, 2015
by Heather Landi

Healthcare companies will continue to be one of the most targeted sectors by cybercriminals in 2016 due to the high value of compromised data and the ongoing digitization of medical records, according to an Experian report.

The 2016 Data Breach Industry Forecast by Experian Data Breach Resolution outlines five predictions for what industry leaders can expect in the coming year with regard to data breach trends and issues.

For the healthcare industry in particular, researchers predict that big healthcare hacks will make headlines, but small breaches will cause the most damage.

“While large breaches may be compromising millions of people’s records in one fell swoop, smaller incidents caused by employee negligence will also continue to compromise millions of records each year. These incidents are often due to employees mishandling paper records or losing physical back-up of information,” the researchers state.

Given the high value compromised data can command on the black market along with the continued digitization and sharing of medical records, researchers predict that healthcare companies will remain one of the most targeted sectors by attackers.

“In 2016, sophisticated attackers will continue to focus on insurers and large hospital networks where they have the opportunity for the largest payoff. With the move to electronic health records (EHRs) continuing to gain momentum and becoming more widely accessible through mobile applications, the attack surface continues to grow,” the researchers state.

The researchers note that it’s important for healthcare organizations to not only continue to invest in up-to-date security technologies, but also focus on training employees on proper data handling practices on a regular basis.

The report also highlights the rise in cybercriminals using data for corporate extortion or other scams. According to cybersecurity experts, medical records are worth up to 10 times more than credit card numbers on the black market, and this might drive hackers to look at medical records data as a means of financial gain. According to the researchers, 38 percent of organizations report they have already been targeted by cyber-extortion.

“Moving forward, it is anticipated that businesses will begin to account for the potential of extortion in their data breach planning, including having cyber insurance policies in place that incorporate protocols for how to negotiate with cybercriminals,” the researchers state.

Among the other predictions, researchers also anticipate that the EMV Chip and PIN liability shift will not stop payment breaches.

“Given the value of payments data, attackers may also look to other methods to steal this information that don’t involve point of sale systems. Similar to what’s happened in the European Union – where EMV has been adopted for some time – attacks may shift to focus on online transactions where cards don’t need to be present,” the researchers state.

And, it is anticipated that cyber conflicts between countries will leave consumers and businesses as collateral damage and that the 2016 U.S. presidential candidates and campaigns will be attractive hacking targets.

Researchers also predict a resurgence in hacktivist activities, motivated by groups looking to inflict reputational damage on a company or cause.

The report authors note that while traditional data breach threats remain, business leaders also should take note of emerging trends and update their data breach response plans accordingly.

Experian researchers also graded their 2015 data breach predictions, with mixed results, as four out of six predictions for 2015 rang true by the end of this year. For 2015, researchers predicted that healthcare breaches would be a persistent and growing threat, which unfortunately has proven to be the case, and that employees would be companies’ biggest breach threat, which also was accurate according to a Ponemon Institute report. That report indicated that non-malicious employee error is the No. 1 leading cause of data security breaches.

Two other predictions that were accurate were the shifting accountability to corporate leadership following a security breach and the growing concern about the Internet of Things (IoT) as a security breach threat.




