Data breaches are expected to increase in 2015, with healthcare "a vulnerable and attractive target for cybercriminals," according to Experian's 2015 Data Breach Industry Forecast.
The study's authors urge the industry to step security-preparedness efforts.
Electronic medical records and consumer-generated data from wearables and other devices will continue to add to the vulnerability and complexity in securing personal health information (PHI), the report notes.
At the same time, the authors say many doctors' offices, clinics and hospitals may not have adequate resources to safeguard patients' PHI. It points, for instance, to the vulnerability posed when patients carry a Medicare card to the doctor's office. That card includes the patient's Social Security number, as well as information that can be used for medical identity theft, a growing problem.
Among the security issues Experian cites across industries:
- Employees remain the leading cause of compromises, but will receive the least attention, it says. It attributes 59 percent of security incidents in the past year to people-based breaches.
- The increasing number of networked devices and systems--the Internet of Things--could usher in the next wave of large third-party breaches.
- The increasing use of cloud-based services also is expected to be an attractive target for cybercriminals.
- As "chip and PIN" technology becomes the required standard for payment systems in October 2015, criminals face a closing window in the first part of the year to hack existing payment technology.
Healthcare could be in for the types of massive data breaches that Target and eBay have experienced, according to BitSight Technology, which maintains the healthcare industry's security preparedness lags that of retail.
At the same time, most healthcare organizations are not prepared for the level of sophistication and persistence that hackers have demonstrated in attacking retail, Ken Westin, security analyst with Tripwire, told PCWorld. In hiring top health IT executives, it's better to focus on security skills over healthcare experience if it comes down to hard choices between the two.