We’ll see more healthcare data breaches in 2016. You could bet on it. Why? It is a known fact that personal medical records are being sold now for ten times the price of credit card numbers on the “dark web” and cyber-attacks in the healthcare industry happen 340% more than in any other industry.
This increase in data theft is alarming, and in most instances is not if they get attacked, but when. That is why last year Congress responded to the healthcare provider community by enacting the Cybersecurity Information Sharing Act of 2015, which advise to improve preparedness against cyber threats.
Some notable examples from 2015 are:
- A blog from IMB’s Security Intelligence estimates that there was “a 1,166 percent increase in reported health care records breached from 2014 to 2015.” IBM also reports “that in the first 10 months of 2015, healthcare ranked #1 in terms of records compromised, with nearly 34 percent of all records compromised across all industries.”
- According to a KPMG survey from August it was reported that “eighty-one percent of health care executives report that their organizations were compromised by at least one malware, botnet, or other cyber-attack during the past two years, and only half feel that they are adequately prepared in preventing attacks.”
- High profile data breaches in 2015 exposing up to 78.8 million customers’ records - included attacks on health insurer Anthem, Inc. and Premera Blue Cross, exposing up to 11 million customers’ records.
- Hackers aren’t just focused on major insurers or hospitals. The US Department of Health and Human Services’ Office of Civil Rights breach portal listed breaches of protected health information that is affecting a high percentage of individual physicians and community medical practices.
All medical providers who have suffered a breach can be subject to class action and individual lawsuits, based on allegations of negligence, breach of contract, and breach of various state data breach and consumer protection statutes. Class action lawsuits against Anthem and Premera, based on the breaches mentioned above, are ongoing. The legal consequences of a medical record breach can be annihilating, its range potentially including lawsuits, fines, and government actions.
The threat of litigation is formidable. Providers can face fines of up to $1.5 million in addition to various state-level fines from the Department of Health and Human Services now that the Federal Trade Commission (FTC) is increasingly bringing legal actions against breached companies for deficient data protection practices.
You need to be prepared by educating yourself first, and remember that EOX Technology can provide you with the appropriate solution specifically for your company.