BreachExchange mailing list archives

SCV Voices: Data Breaches Involving Private Medical Information on the Rise


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 2 Jun 2015 20:33:16 -0600

http://www.signalscv.com/section/434/article/137738/

A recent report by The Journal of the American Medical Association (JAMA)
reveals that criminal theft, malicious hacking and data breaches involving
private healthcare and medical information have increased substantially
during the past few years.

According to the JAMA study, almost 30 million health records nationwide
were involved in hacking incidents and data breaches over the past four
years. This trend is continuing. Hackings doubled during the study, from
almost 5 percent of incidents in 2010 to almost 9 percent in 2013.

With respect to cyber breaches involving healthcare information, the
compromised information typically includes patients' names, home addresses,
ages, illnesses, test results, and Social Security numbers. In addition to
the usual concern that cyber criminals will use or sell compromised private
information for monetary gain utilizing identity theft and credit card
fraud, experts believe that hackers who obtain private healthcare
information also utilize the information to fraudulently obtain medical and
insurance services.

The researchers who compiled and authored the JAMA study also noted that
they believe that the recent rise of data breach incidents is leading some
patients to avoid giving doctors sensitive information about their health,
including substance abuse, mental health problems, and HIV status.

As the JAMA editorial pointed out, "[l]oss of trust in electronic health
information systems could seriously undermine efforts to improve health and
health care in the United States."

Analysts contributing to the JAMA report also reviewed online databases
regulated by the U.S. Department of Health and Human Services that contain
mandated reports of breaches in health information protected by federal
privacy law. Over four years, 949 data breaches were reported across the
country. The numbers climbed annually, from 214 in 2010 to 265 in 2013.
Nearly 60 percent of these breaches involved some kind of criminal theft.

Large-scale breaches in the healthcare community have also seen their fair
share of high-profile incidents. In addition to the mass data breach last
year at Anthem, Premera Blue Cross recently reported in March of 2015 that
it was a victim of a cyber attack that may have exposed medical data and
financial information of 11 million customers.

Premera believes hackers gained access to claims data, including clinical
information, along with banking account numbers, Social Security numbers,
birth dates and other data in an attack that began in May 2014. Preliminary
investigations indicate that the Premera breach is the largest breach
reported to date involving patient medical information. About 6 million of
the patients whose accounts were hacked are residents of Washington state,
where Premera customers include Amazon.com, Microsoft and Starbucks. The
rest of the patients are scattered across the United States.

Patients should be particularly alert to cyber threats, including
"phishing" emails from hackers posing as doctors or healthcare
professionals that use fraudulent hyperlinks to launch harmful malware when
clicked. When in doubt, always call the healthcare provider to confirm the
legitimacy of email or electronic communications. While cyber attacks are
on the rise across all business sectors, everyone should be aware that this
rise in data breaches also includes the theft of private medical
information held by healthcare providers and insurers.