Hackers are stealing data from providers at an astounding rate, which reflects the fact that information from healthcare records are worth far more on the black market than credit card numbers.
The number of hacking incidents in healthcare jumped over 1,800% from 2008-2013, according to a study from the Brookings Institution, the think tank in Washington, DC. Reviewing Health and Human Services reports of data breaches in which more than 500 patients were exposed, the Brookings Institution found that the number went from just 13 in 2008 to 256 in 2013.
“The healthcare sector is an increasingly attractive target for hackers,” according to the report, which comes on the heels of the recent data breach at Anthem, the prominent health insurer. Thought to be the largest healthcare data breach in history by a wide margin, the insurer reported that the breach affected 80 million people.
Brookings also noted on its web site that hacking in healthcare poses problems not encountered by the same crime in a retail setting. Customers of a department store that has been hacked can choose to shop elsewhere, but it is hard for people to move to a new healthcare provider because of insurance and employer requirements.
Brookings notes that the penalties for a privacy breach might not be large enough to prompt healthcare organizations to pay for adequate security. Healthcare organizations that “knew, or by exercising reasonable diligence would have known” of the privacy violations but did not prevent them could potentially be fined a maximum of $1.5 million,” the Brookings blog post states. “To put this in perspective, note that the net income of Anthem in 12 months ending on December 31st, 2014, was $2.5 billion. If Anthem were proven guilty of willful neglect, which is very unlikely, it could lose 0.00058% of its net income,” Brooking notes. “Anthem makes that much money in one hour and 15 minutes.”
