Data Breaches Expected To Surge
By Katie Wike, contributing writer
An Experian report predicts breaches of data and patient privacy will be bigger and more numerous than in the coming year
A study by Experian, 2014 Data Breach Industry Forecast, notes, “The number of data breaches both experienced and reported is expected to continue to rise, with new security threats and regulations pushing for more transparency on the horizon. All signs are pointing to 2014 being a critical year for companies to better prepare to respond to security incidents and data breaches.” The study anticipates a particularly trying year for the healthcare industry, noting it “will be the most susceptible to publicly disclosed and widely scrutinized data breaches in 2014."
"The sheer size of the industry makes it vulnerable when you consider that as Americans, we will spend more than $9,210 per capita on healthcare in 2013,” reports InformationWeek Healthcare. “Add to that the Healthcare Insurance Exchanges (HIEs), which are slated to add seven million people into the healthcare system, and it becomes clear that the industry, from local physicians to large hospital networks, provide an expanded attack surface for breaches.”
Michael Bruemmer, vice president of Experian’s breach resolution service, Data Breach Resolution, and author of the report, said healthcare accounted for about 46 percent of the breaches his division serviced in 2013. Unfortunately, Bruemmer expects that number to rise in the New Year.
According to InformationWeek Healthcare, “Bruemmer said he is basing this prediction at least partly on reports of security risks posted by the HealthCare.gov website and the health insurance exchanges established by various states. The web infrastructure to support health insurance reform was ‘put together too quickly and haphazardly.’ The most glaring problem for these sites has been their inability to keep up with consumer demand. The organizational infrastructure behind the implementation of Obamacare is also complex, meaning that many parties have access to the personal data and could misuse or mishandle it. ‘So we have volume issues, security issues, multiple data handling points - all generally not good things for protecting protected health information and personal identity information.’”
Factors contributing to the expected surge in healthcare data breaches include more stringent rules protecting health information, providers not realizing they are in the data management business, and “people doing dumb things.”
“Whether stolen or accidentally disclosed, healthcare data is valuable, and that makes it a target. On the black market, personal records suitable for use in identity theft are worth $10-$12 each at the low end or maybe $25-$28 for a particularly attractive identity, he said. When enriched with health data, the value of an identity data set jumps to about $50 per record, because then it can be used for medical and insurance fraud.
"’The threat is out there, and the threat is going to get bigger,’ Bruemmer said. ‘The point is to ensure that you're prepared and have a plan in place.’"
Want to publish your opinion?