With the healthcare industry facing 340% more cyberattacks than the average industry, and with personal medical records now selling for ten times the price of credit card numbers on the “dark web,” it’s a safe bet we’ll see more healthcare data breaches in 2016.
Last year Congress responded to pleas from the healthcare provider community for additional resources to improve preparedness against cyber threats, and the Cybersecurity Information Sharing Act of 2015 was enacted. After such an alarming increase in medical data theft, providers have come to realize that in most instances it’s not if they get attacked, but when.
Here are some notable examples from 2015:
- High-profile data breaches in 2015 included attacks on health insurer Anthem, Inc., exposing up to 78.8 million customers’ records, and Premera Blue Cross, exposing up to 11 million customers’ records.
- Leading up to last year’s whopping 340% increase, IBM’s Security Intelligence blog estimates that there was “a 1,166 percent increase in reported health care records breached from 2014 to 2015.” IBM further reports “that in the first 10 months of 2015, healthcare ranked #1 in terms of records compromised, with nearly 34 percent of all records compromised across all industries.”
- An August 2015 KPMG survey reported that “eighty-one percent of health care executives say that their organizations have been compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel that they are adequately prepared in preventing attacks.”
- And hackers aren’t just focused on major insurers or hospitals. The US Department of Health and Human Services’ Office of Civil Rights breach portal lists breaches of protected health information affecting a high percentage of individual physicians and community medical practices.
The legal consequences of a medical record breach can be devastating, potentially including lawsuits, fines, and government actions.
The threat of litigation is formidable. Medical providers who suffer a breach can be subject to both class action and individual lawsuits, based on allegations of negligence, breach of contract, and breach of various state data breach and consumer protection statutes. Class action lawsuits against Anthem and Premera, based on the breaches mentioned above, are ongoing.
And with the Federal Trade Commission (FTC) increasingly bringing legal actions against breached companies for insufficient data protection practices, providers can face fines of up to $1.5 million from the Department of Health and Human Services, in addition to various state-level fines.
So what can you do to minimize your practice’s risk of a data breach? Educate yourself, prepare for the worst-case scenario, and get insight into the security of your network from the industry experts at SLPowers. Contact us today to discuss a multi-tiered defense for your healthcare practice.