Most cybersecurity experts predict that data security threats against the healthcare industry will only continue to increase and evolve in 2017 as widespread malicious and criminal hacking poses an increased risk to protected health information (PHI) and healthcare organizations’ information systems.
According to data from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) breach portal, also referred to as the “wall of shame,” the number of hacking/IT incidents at healthcare providers skyrocketed last year. In 2014, there were 18 reported data breach incidents classified as “hacking/IT incidents” at healthcare provider organizations, as reported to HHS. In 2015, there were 30 reported “hacking/IT incidents” that caused a data breach at healthcare provider organizations. Last year, that number jumped to 95, or more than triple the number of hacking incidents at healthcare provider organizations. Additionally, when looking at all data breaches reported to HHS by healthcare providers, there were 251 data breaches last year.
Facing an increasingly hostile cyber threat landscape, the leaders of healthcare delivery organizations are under pressure to protect their health data and information systems and many are turning to technology solutions to strengthen their IT security.
During a webinar sponsored by HIMSS Analytics (a division of the Chicago-based Health Information and Management Systems Society) exploring health IT security trends, HIMSS Analytics researchers presented data from a survey of healthcare executive leaders, including CTOs, CIOs, CISOs, IT/Security VP/directors, patient care heads and patient access heads, about their organizations’ use of biometric technology and the potential opportunity for biometric technology for the purposes of data security.
“Security in healthcare today is a huge topic and there are a lot of issues that organizations have to deal with in terms of providing patient protection, providing data protection and securing sites, such as securing their own facility and as well as other sites such as off-site storage, and there’s no one true answer,” Brendan Fitzgerald, director of research, HIMSS Analytics, said. “From the healthcare industry standpoint, I think security solutions, collectively, can be used in tandem to help thwart an attack and can only increase the efforts made by security groups within organizations to help strengthen security. Biometrics are not a silver bullet, but used collectively with other organizational tools around security can begin to make it more difficult for hackers to have access.”
To provide an outline of the threat landscape, Matt Schuchardt, director of product development and innovation, HIMSS Analytics, cited data from HIMSS Analytics Logic and the HHS breach portal indicating that the number of reported security breaches at healthcare providers increased 167 percent in the last year. “More than 20 million Americans had their healthcare information exposed due to malicious hacking attacks just in 2016, and the volume and the depth of those attacks is significantly larger than what’s happened in previous years,” he said.
From a threat perspective, where the activity is happening has changed significantly in the last few years, as the network server is the new target, he said. “There was minimal network breaches in previous years, a lot of stuff around laptops, personal devices and some small number via the EMR, but the primary target today is the network itself. And we need to think about that with regard to biometrics, how do you secure that network in ways that make it easy to access the data but difficult to breach for unauthorized guests,” he said.
Taking a look at projections for data breaches at healthcare providers in the next two years, and the numbers are quite stark. “We’re looking at 45 million peoples’ records impacted in the next two years alone, so certainly the time to do something about this, is now,” Schuchardt said.
According to the data Schuchardt presented, there is a disturbing trend of repeated health system exploits. Since 2011, 31 different health systems in the U.S. have reported being breached multiple times by hackers. These 70 breaches impacted the privacy of 9 million patients. Additionally, almost half, (45 percent) of those 70 breaches were in 2016 alone, he said.
Hacks from 2010 to 2015 impacted 614,060 patients, an average of 122,812 per year. All in, the number of patients impacted by hacking in 2016 was 6,075 percent above the previous five years, he said. “The threat is real, it is growing and it is targeting your organizations in a variety of locations and with a variety of modalities. You need to think about how do you make the data available so patients and providers can access the information wherever care is happening, but keep the nefarious people away from it and its real challenge and it’s something we need to figure out relatively quickly,” he said.
Currently, the use of biometric solutions—fingerprints, hand geometry, retina or iris scans—for data security purposes is limited, but is beginning to pick up momentum across the healthcare space, Fitzgerald said.
Of the respondents to the survey, about half (47 percent) report that their organizations are currently using biometrics in different areas of hospital operations and not necessarily for security. Certain areas within healthcare organizations have been using biometric technology for some time, such as fingerprint biometric solutions for medication dispensing and employee identification, and that still seems to be the primary areas where biometric solutions are used. Sixty-two percent of the survey respondents reported using biometrics for medication dispensing and management, while 43 percent use the technology for employee identification.
Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.