If you store or process medical records you have a target on your back
The health care industry suffers 340% more security incidents and attacks than the average industry, while health companies are more than 200% more likely to encounter data theft*. To put some numbers to this, PwC recently calculated the average number of daily security incidents to be 117,339** – that’s 42.8 million in the year, almost double the amount that occurred in 2011. That’s a lot of incidents, and health care companies have to deal with more of them than any other industry.
* The Raytheon/Websense 2015 Industry Drill-Down Report Healthcare
**The Global State of Security Survey 2015
Patient medical records are much richer and more sought after than other PII
Patient medical records are extremely rich, containing data such as home addresses, birthdates, social security numbers, insurance policy data, billing details; you name it. That’s considerably more information compared to credit card details or government records, making health information more valuable to criminals. In fact, in 2014, BitSight Chief Technical Officer Stephen Boyer put the “street value” of medical records at $20/ each, while credit card records were valued at just $1*. Put yourself in the position of the hacker – which data would you target?
Your reputation is at stake
Medical identity theft incidents increased by 21.7% between 2014 and 2013. And 65% of medical identity theft victims that responded to the Fifth Annual Study on Medical Identity Theft Survey, stated that they had to pay an average of $13,500 to resolve the crime. Imagine if this is one of your customers, what do you think the victims are saying to their friends, family and colleagues? And as for the media… let’s just say protecting data dynamically is a better option.
* Benchmark Study on Patient Privacy and Data Security, Ponemon Institute
The more the merrier
Compounding the fact that EHR are the most valuable and sought after forms of PII (by criminals) they are also exposed to the highest number of stakeholders. The eHealth matrix spans across multiple roles and third parties – from insurance advisors and claims adjusters, to doctors, surgeons and nurses, to clinic receptionists and pharmaceutical retail outlets. With all these stakeholders touching a health record at any given time, dynamically managing who can see what, from where and for what reason is critical.
**The IBM 2015 Cost of Data Breach Study
Three months is a long time
The victims of medical identity theft are a) seldom informed by the provider that their data has been stolen and b) only find out about the theft an average of three months or more after the theft occurrs. Minimizing the exposure of sensitive material with dynamic authorization will reduce the likelihood of EHR theft. Advanced dynamic auditing capabilities will help you to identify who has accessed what data in a database.
Fraud is costing you a fortune
Annual health care fraud losses in the US range between $90 billion and $210 billion from a total annual expenditure of $3 trillion. Naturally, this is bad news for health insurers who are footing much of the bill. While not all fraud is due to stakeholders having too much (or the wrong) access to sensitive data, a percentage of it is. A percentage that can be minimized by dynamically controlling who can access what data and for what reason.
Click here to read more on how you can secure access to sensitive data within the Health Care and Insurance industry.