Breach Summary 2015


Security Breach
Cyberattacks were the third most frequent cause of a healthcare data breach in 2015, but they accounted for the most records breached. Nine of the top ten breaches by volume were due to cyberattacks, with over 110 million records breached.2015 also brought the largest breach of healthcare data reported to HHS so far; the Anthem cyberattack reported in early February impacting almost 79 million people.

There is also speculation that the additional breaches later in the year at Premera BlueCross, Excellus BlueCross and CareFirst BlueCross BlueShield, which affected another 22 million people, were related to the Anthem attack.

 
 
 
 

Why is healthcare data so valuable to hackers?

  • There’s a lot of it. Think about how much information we’re asked to provide when visiting a healthcare provider.
  • It’s valuable. Not only is there a lot of data, but it is of high quality. Social security numbers, payment information, and demographic data that can be used to create fraudulent identities, along with detailed medical information that can be used to create false medical profiles to defraud private and public healthcare system.
  • It’s current. Employees are asked to verify information during yearly benefit open enrollment periods. As patients we’re asked to confirm demographic and financial data when we seek care. And, our medical record is updated with current treatment information each time we receive care.
  • It’s accessible. Historically, healthcare covered entities and business associates have been slower than, and not as rigorous in, securing their data as financial and retail institutions. And, there are more potential entry points for hackers to exploit, especially with the rise in use of personal smart devices and networked medical devices that store patient data.
  • It’s lucrative. Healthcare records are estimated to be worth ten to twenty times more than financial records on the black market.

Given all these factors, cyber security experts predict that hackers will continue to target the healthcare industry in 2016.