Healthcare Industry Will Remain a Top Target for Data Breaches in 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Healthcare Industry Will Remain a Top Target for Data Breaches in 2016

December 18, 2015
by Heather Landi
| Reprints
Click To View Gallery

Healthcare companies will continue to be one of the most targeted sectors by cybercriminals in 2016 due to the high value of compromised data and the ongoing digitization of medical records, according to an Experian report.

The 2016 Data Breach Industry Forecast by Experian Data Breach Resolution outlines five predictions for what industry leaders can expect in the coming year with regard to data breach trends and issues.

For the healthcare industry in particular, researchers predict that big healthcare hacks will make headlines, but small breaches will cause the most damage.

“While large breaches may be compromising millions of people’s records in one fell swoop, smaller incidents caused by employee negligence will also continue to compromise millions of records each year. These incidents are often due to employees mishandling paper records or losing physical back-up of information,” the researchers state.

Given the high value compromised data can command on the black market along with the continued digitization and sharing of medical records, researchers predict that healthcare companies will remain one of the most targeted sectors by attackers.

“In 2016, sophisticated attackers will continue to focus on insurers and large hospital networks where they have the opportunity for the largest payoff. With the move to electronic health records (EHRs) continuing to gain momentum and becoming more widely accessible through mobile applications, the attack surface continues to grow,” the researchers state.

The researchers note that it’s important for healthcare organizations to not only continue to invest in up-to-date security technologies, but also focus on training employees on proper data handling practices on a regular basis.

 The report also highlights the rise in cybercriminals using data for corporate extortion or other scams. According to cybersecurity experts, medical records are worth up to 10 times more than credit card numbers on the black market, and this might drive hackers to look at medical records data as a mean for financial gain. According to the researchers, 38 percent of organizations report they have already been targeted by cyber-extortion.

“Moving forward, it is anticipated that businesses will begin to account for the potential of extortion in their data breach planning, including having cyber insurance policies in place that incorporate protocols for how to negotiate with cybercriminals,” the researchers state.

Among the other predictions, researchers also anticipate that the EMV Chip and PIN liability shift will not stop payment breaches.

“Given the value of payments data, attackers may also look to other methods to steal this information that don’t involve point of sale systems. Similar to what’s happened in the European Union – where EMV has been adopted for some time – attacks may shift to focus on online transactions where cards don’t need to be present,” the researchers state.

And, it is anticipated that cyber conflicts between countries will leave consumers and businesses as collateral damage and that the 2016 U.S. presidential candidates and campaigns will be attractive hacking targets.

Researchers also predict a resurgence in hacktivist activities, motivated by groups looking to inflict reputational damage to a company or cause.

The report authors note that while traditional data breach threats remain, business leaders also should take note of emerging trends and update their data breach response plans accordingly.

Experian researchers also graded their 2015 data breach predictions, with mixed results, as four out of six predictions for 2015 rang true by end of this year. For 2015, researchers predicted that healthcare breaches would be a persistent and growing threat, which unfortunately has proven to be the case, and that employees would be companies’ biggest breach threat, which also was accurate according to a Ponemon Institute report. That report indicated that non-malicious employee error is the No. 1 leading cause of data security breaches.

Two other predictions that were accurate were the shifting accountability to corporate leadership following a security breach and the growing concern about the Internet of Things (IoT) as a security breach threat.



Get the latest information on Staffing and Professional Development and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Loma Linda University Medical Center Gets HIMSS Stage 7 Designation

Loma Linda University (LLU) Medical Center and other patient care facilities linked to the health system have achieved Stage 7 designation on HIMSS Analytics’ inpatient Electronic Medical Record Adoption Model (EMRAM).

HHS OIG Report Cites Concerns with MACRA Implementation

The U.S. Department of Health and Human Services (HHS) Office of the Inspector General issued a report of its review of the Centers for Medicare & Medicaid Services’ (CMS) management of the Quality Payment Program and cited specific concerns regarding the need for more specialized technical assistance for clinicians and program integrity efforts.

Cerner Files Protest over $62M EHR Contract Awarded to Epic

Cerner Corp. has filed a protest against rival EHR vendor Epic Systems following an “unfair bidding process and a possible conflict of interest” for a recent IT implementation contract awarded by the University of Illinois (UI) medical center.

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.