Monday, June 26, 2017

Medical Data Security


CYBER-650 Week 4

How Secure Is Your Medical Data? 2016 Annual Healthcare Industry Cybersecurity Report

Cybersecurity is among the top five concerns of the healthcare industry

(PricewaterhouseCoopers, 2016)

With hackers' increasing interest in e-PHI (electronic-Protected Personal Health Information), the healthcare industry is becoming more vulnerable to malicious attacks. Medical records and patients’ important personal information (SSN, accounts and contact info) are often housed within the same DBMS. A recent report by Intel Security puts the digital underground trading value of e-PHI at $200,000 (Stone, J., 2016). Individual patient records (“fullz”) sold for between $15 and $65 in the underground market, as reported by Dell SecureWorks (Lemos, R., 2016). In its 2016 Annual Healthcare Industry Cybersecurity Report, SecurityScorecard (a Google-backed online risk monitoring group) shows that “unlike the financial industry, which knows it is targeted and has hence taken significant cybersecurity measures, the medical industry is still very largely vulnerable” (Goenka, H., 2016-4-11). The report was a one-year survey (2015-8 – 2016-8) of 700 organizations in the healthcare delivery sector, including hospitals, device manufacturers, and healthcare insurers.

The report found that the malware infection rate across the entire healthcare delivery system was 75 percent. Device manufacturers were the worst performers at 88 percent; medical treatment centers were second, with an infection rate of about 76 percent. Medical treatment centers recorded over 95 percent of the overall industry total when the difference in the number of device manufacturers and hospitals is considered. Why do treatment centers have such high malware infection rates? One reason is that they house a large number of IoT (Internet of Things) devices. These devices have wireless capabilities but lack appropriate security. IoT wireless devices in treatment centers can malfunction, and they can potentially become a gateway for hackers to access the healthcare network and DBMS. There are also legacy infrastructure problems, such as patch and update management, especially at facilities that have been in existence for a while.

The top 3 causes of health data breaches, as reported in the Verizon 2015 Protected Health Information Data Breach Report, are lost or stolen assets (45%), privilege misuse (EoP) (20.3%), and miscellaneous errors (20.1%) (verizonenterprise.com, 2017).

References

PWC Health Research Institutes. Top health industry issues in 2016. Thriving in the


Stone, J., Stolen medical data on the cheap after waves of healthcare hacks. (2016-26-


Lemos, R. All about your ‘fullz’ and how hackers turn your personal data into dollars.


Goenka, H. Is Your Medical Data Safe? Healthcare Industry, Most Hospitals Low On


Verizon. 2015 Protected Health Information Data Breach Report. (2017). Retrieved
