It’s difficult to overemphasize just how vulnerable many healthcare organizations are to cyber attacks. The healthcare industry as a whole simply hasn’t adopted the sorts of protections, best practices, and security awareness as other markets like finance or defense. One has to look no further than the biggest data breaches so far in 2015 - Healthcare is at the top of the list.
Why is healthcare such a big target? The Workgroup for Electronic Data Interchange (WEDI) recently published a primer on healthcare cybersecurity and identified several important factors that set the industry apart:
- Despite the implementation of new EHR systems and critical infrastructure for healthcare data exchange, healthcare generally hasn’t kept up with other vertical markets in terms of security, creating “low-hanging fruit” for would-be attackers.
- Medical data contains information of much higher monetary value than credit cards or other financial data; hackers can get up to ten times the price for medical records that they can for credit card numbers because it is easier to exploit for identity theft and harder to detect when used for fraud.
- Medical records aren’t just a target for organized crime and hackers looking for financial gain. The rich personal information they contain is attractive to nation-states for espionage, bringing vast hacking resources to bear against healthcare organizations.
As Tony Giandomenico, Senior Security Strategist at Fortinet, explained,
“While organized crime tends to conduct mass attacks driven by profit, government-sponsored attacks can often be more targeted and coordinated in spanning across networks of specific business partners to gather intelligence and account information.”
While increasing attention from hackers with powerful motivations to steal healthcare data, the sheer volume and variety of information is also creating new security issues for healthcare IT. We recently interviewed Devin Jopp, President and CEO of WEDI, about the challenges of healthcare cybersecurity. He pointed out that,
“What we’re seeing is that the amount of information is only multiplying...you had your clinical data, now you’ve got all the patient-generated data that’s coming to the door - the wearables and next generation data sources. We’re seeing a bigger move towards cloud computing and we’re also seeing more in terms of mobile...that’s really starting to put more requirements on [healthcare] companies.”
You can see the complete interview with Devin Jopp below.