Most health data breaches malicious, not accidental

The number of health data breaches is growing with the push to electronic records, and increasingly thieves are targeting their attacks, according to data security firm ID Experts.

Health data is targeted for the value it holds and the ease with which hackers can gain access to it, Rick Kam, president and co-founder of ID Experts, recently told American Medical News. While there are still plenty of breaches occurring due to lost or stolen laptops, many instances of data loss or exposure are no accident, he said.

Hackers often are more interested in financial information they can use in identity theft and other fraud schemes, though that data increasingly is prized for numerous commercial ventures. Healthcare data generally goes for $50 per record on the black market, according to Kam, and thieves increasingly will sit on stolen data for some length of time before trying to sell or access it. That, he added, means that organizations need to implement response plans that include long-term diligence and monitoring.

Too many organizations, though, rely too much on technology to protect their data rather than focusing on how they can use the technology correctly and training employees to be better stewards of the data, according to John Sileo, CEO of data security consulting firm Sileo Group.

They also need to be vigilant in training business associates, who will be subject to the same HIPAA regulations as providers starting in September, Kam said.

A collaboration of stakeholders--including the Federal Trade Commission, the Secret Service and the Veterans Administration--are expected to formally launch the Medical ID Fraud Alliance this fall to help develop best practices to protect against breaches and medical identity theft, according to Robin Slade, CEO of The Foundation for Payments Fraud Abatement & Activism. That organization also is expected to produce materials to better educate consumers about the threat of medical breaches.

Privacy experts who spoke at the Healthcare Privacy Summit in Washington, D.C., last month said too many organizations' breach responses are reactive. They also warned we're only seeing the beginnings of what's possible in security fissures at healthcare organizations.

To learn more:
- read the amednews article