At a time when organizations across all industries fear data breaches and cyberattacks, those in healthcare have greater reason to be on edge. Troves of sensitive health data, a wealth of connected medical devices, and poor risk management practices make healthcare a hot target.
Between 2009 and 2018, there have been 2,546 healthcare data breaches involving more than 500 records, HIPAA Journal reports. These incidents have led to the exposure of 189,945,874 healthcare records. While 2015 has been the worst year on record, with some 113.3 million records exposed, there has been a general upward trend in the amount of compromised data.
For cybercriminals, health data is far more valuable than other types of information they sell for profit. A protected health information (PHI) record, for example, is worth 100 times as much as a credit card number on the Dark Web, Bugcrowd states in its recently published "State of Healthcare Security 2019" report. More than half of healthcare organizations lack strong confidence in medical device security.
Organizations that handle PHI must have physical, network, and operational security measures to ensure HIPAA compliance. Checking the boxes isn't easy: Despite standards like ISO/IEC 800001 and the NIST Cybersecurity Framework pushing to change healthcare tech, the industry's increasing digitization is putting sensitive data at risk.
"The big issue is the widespread use of medical devices and IoT devices connected through the Internet," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, which published "The Economic Impact of Third-Party Risk Management in Healthcare" on behalf of Censinet. Large healthcare organizations like the Cleveland Clinic are taking this seriously and investing more resources ..
Support the originator by clicking the read the rest link below.
