Healthcare Industry Will Remain a Top Target for Data Breaches in 2016 | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Healthcare Industry Will Remain a Top Target for Data Breaches in 2016

December 18, 2015
by Heather Landi
| Reprints
Click To View Gallery

Healthcare companies will continue to be one of the most targeted sectors by cybercriminals in 2016 due to the high value of compromised data and the ongoing digitization of medical records, according to an Experian report.

The 2016 Data Breach Industry Forecast by Experian Data Breach Resolution outlines five predictions for what industry leaders can expect in the coming year with regard to data breach trends and issues.

For the healthcare industry in particular, researchers predict that big healthcare hacks will make headlines, but small breaches will cause the most damage.

“While large breaches may be compromising millions of people’s records in one fell swoop, smaller incidents caused by employee negligence will also continue to compromise millions of records each year. These incidents are often due to employees mishandling paper records or losing physical back-up of information,” the researchers state.

Given the high value compromised data can command on the black market along with the continued digitization and sharing of medical records, researchers predict that healthcare companies will remain one of the most targeted sectors by attackers.

“In 2016, sophisticated attackers will continue to focus on insurers and large hospital networks where they have the opportunity for the largest payoff. With the move to electronic health records (EHRs) continuing to gain momentum and becoming more widely accessible through mobile applications, the attack surface continues to grow,” the researchers state.

The researchers note that it’s important for healthcare organizations to not only continue to invest in up-to-date security technologies, but also focus on training employees on proper data handling practices on a regular basis.

 The report also highlights the rise in cybercriminals using data for corporate extortion or other scams. According to cybersecurity experts, medical records are worth up to 10 times more than credit card numbers on the black market, and this might drive hackers to look at medical records data as a mean for financial gain. According to the researchers, 38 percent of organizations report they have already been targeted by cyber-extortion.

“Moving forward, it is anticipated that businesses will begin to account for the potential of extortion in their data breach planning, including having cyber insurance policies in place that incorporate protocols for how to negotiate with cybercriminals,” the researchers state.

Among the other predictions, researchers also anticipate that the EMV Chip and PIN liability shift will not stop payment breaches.

“Given the value of payments data, attackers may also look to other methods to steal this information that don’t involve point of sale systems. Similar to what’s happened in the European Union – where EMV has been adopted for some time – attacks may shift to focus on online transactions where cards don’t need to be present,” the researchers state.

And, it is anticipated that cyber conflicts between countries will leave consumers and businesses as collateral damage and that the 2016 U.S. presidential candidates and campaigns will be attractive hacking targets.

Researchers also predict a resurgence in hacktivist activities, motivated by groups looking to inflict reputational damage to a company or cause.

The report authors note that while traditional data breach threats remain, business leaders also should take note of emerging trends and update their data breach response plans accordingly.

Experian researchers also graded their 2015 data breach predictions, with mixed results, as four out of six predictions for 2015 rang true by end of this year. For 2015, researchers predicted that healthcare breaches would be a persistent and growing threat, which unfortunately has proven to be the case, and that employees would be companies’ biggest breach threat, which also was accurate according to a Ponemon Institute report. That report indicated that non-malicious employee error is the No. 1 leading cause of data security breaches.

Two other predictions that were accurate were the shifting accountability to corporate leadership following a security breach and the growing concern about the Internet of Things (IoT) as a security breach threat.



Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Study: EHRs Tied with Lower Hospital Mortality, But Only After Systems Have Matured

Over the past decade, there has been significant national investment in electronic health record (EHR) systems at U.S. hospitals, which was expected to result in improved quality and efficiency of care. However, evidence linking EHR adoption to better care is mixed, according to medical researchers.

Nursing Notes Can Help Predict ICU Survival, Study Finds

Researchers at the University of Waterloo in Ontario have found that sentiments in healthcare providers’ nursing notes can be good indicators of whether intensive care unit (ICU) patients will survive.

Health Catalyst Completes Acquisition of HIE Technology Company Medicity

Salt Lake City-based Health Catalyst, a data analytics company, has completed its acquisition of Medicity, a developer of health information exchange (HIE) technology, and the deal adds data exchange capabilities to Health Catalyst’s data, analytics and decision support solutions.

Advocate Aurora Health, Foxconn Plan Employee Wellness, “Smart City,” and Precision Medicine Collaboration

Wisconsin-based Advocate Aurora Health is partnering with Foxconn Health Technology Business Group, a Taiwanese company, to develop new technology-driven healthcare services and tools.

Healthcare Data Breach Costs Remain Highest at $408 Per Record

The cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year, as the healthcare industry also continues to incur the highest cost for data breaches compared to any other industry, according to a new study from IBM Security and the Ponemon Institute.

Morris Leaves ONC to Lead VA Office of Electronic Health Record Modernization

Genevieve Morris, who has been detailed to the U.S. Department of Veterans Affairs (VA) from her position as the principal deputy national coordinator for the Department of Health and Human Services, will move over full time to lead the newly establishment VA Office of Electronic Health Record Modernization.