Data Theft in Healthcare Sector: The Facts, The Cost And How To Avoid Them

The healthcare sector has a disproportionate number of data thefts, and the acuteness of these thefts – both in terms of average financial cost per record and the social effect of stolen health records – far outweighs thefts in other industries.

As per the Australian Information Commissioner’s (OAIC) “The health sector reported the largest number of data breaches in 2020 and according to the predictions of cybersecurity ventures, there will be two or three times more cybersecurity attacks in 2021 in the healthcare sector as compared to other sectors globally.

Understanding the problem: why do data breaches burgeon in the healthcare industry?

The high rate of data losses in the healthcare sector is due to the shift of healthcare information and current health practices into the digital doorway- a transformation that is taking numerous forms, including:

• Increase in the usage of medical devices and patients wearables like an insulin pump, pacemaker that are the link to the internet, and directly gathering and organizing patient information.

• The growing use of telecommunication technologies like telehealth, telemedicine to remotely provide healthcare services.

• The execution of electronic health records system, both inside individual practitioners and hospitals and around the country via the My Health Records (MHR) scheme.

All of these innovations enable more sensitive care and greater control over a patient’s health and data. But advancements in connectivity (especially where the medium of communications is not encrypted), the centralization and consolidation of delicate information, and expanding access to that data to a wide variety of organizations all increase the risk of unintentional or malicious data thefts unless adequate protection measures are implemented.

Healthcare data is a valuable and non-perishable resource.

• Healthcare data is critical if theft: In the health sector, ransomware attacks are more likely to succeed because they interrupt the organization’s activities, impacting both patients and employees (sometimes affect daily operations and care). As a result, healthcare organizations need immediate access to their databases and are more likely to comply with the hacker’s claims.

• Healthcare data is hard to change: Health records related to diseases and surgeries, unlike a credit cards or payment information, are not ‘perishable’ and are therefore difficult to replace. This implies that after a breach, it maintains its value for a longer period of time.

• Healthcare stolen data sells at a very high rate: Health information is critical (Medicare details sold for A$29 per record in 2017) and can be used for identity frauds or other fraudulent activities that take advantage of a person’s medical conditions or payments, such as creating false insurance claims, acquiring medical equipment, or gaining access to various prescriptions.

Cost of Data Breaches

Any sort of breach is costly, as noted by the IBM security report, on average one incident costs $6.45 million to a healthcare organization, which is about 65% more than the cost of mitigation in our industries. No health care organization, irrespective of its size, can bear to suffer a security breach, it may also include the extra cost of HIPAA fines along with reputational harm

What should practices do?

To protect from data breaches healthcare administrations should follow the following steps:

• Take services from a professional managed IT services providing company, for maintaining and securing their IT networks properly.

• Perform well develop cybersecurity risk assessment, to check the cybersecurity risk prevailing in the system.

• Audit data storage processes on a regular basis to ensure compliance with data storage policies and procedures.

• Provide training to staff members on cybersecurity risks and data/privacy best practices.

• Comprehend and put into practice a ‘privacy by design approach to business activities, particularly in the design and execution of new projects.

• Develop a data breach response squad and a robust data breach response plan. To react to possible data breaches rapidly and efficiently while minimizing harm to individuals (and therefore the monetary and reputational costs of the thefts)

Computer Support Professionals provide Medical IT Services to your Medical Centre Check Out!

Call us at 1300 660 368

Email us at sales@cspro.com.au

Follow Us on Facebook, Twitter, LinkedIn and YouTube

Author:

Jia Paracha