A massive health data breach is on the horizon, security experts say, that points to lackluster response to growing threats both by the industry and in Congress, according to Politico.
"What I think it's going to lead to, if it hasn't already, is an arms race between the criminal element and the people trying to protect health data," Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC, tells Politico. He adds that cybercriminals are "incredibly sophisticated."
Healthcare is the industry least-prepared for a cyberattack, according to a recent report from security ratings firm BitSight Technologies. With adoption of electronic records a recent trend, the industry's lack of experience with cybersecurity makes it more vulnerable to intrusion than retail or financial services.
While a stolen credit card or Social Security number is worth $1 or less on the black market, according to BitSight, a medical record with a complete identity profile can be worth up to $500, according to Politico.
With health records, criminals can build a full profile, Wah points out.
"They're seeking health records not because they're curious about a celebrity's blood type or medication lists or health problems," Wah tells Politico. "They're seeking health records because they can do huge financial, fraudulent damage, more so than they can with a credit card number or Social Security number."
Other security experts warn against being too focused on privacy and confidentiality rather than cyberintrusion.
An alarming number of breaches are occurring, according to the federal government. The records of nearly 31.7 million people have been exposed since the U.S. Department of Health and Human Services mandated reporting in September 2009.
Meanwhile, roughly half of the respondents to HealthsystemCIO.com's most recent CIO advisory panel survey rank their security abilities "about average."
What's more, many hospitals themselves are leaking valuable information online and are "very sloppy" when it comes to security efforts, according to a pair of researchers.
To learn more:
- read the article