Stolen health data increasingly sought after for commercial ventures

Info can be sold over and over without original owner's knowledge
Tools

Though hackers generally go after healthcare information they can use in identity theft and other fraud schemes, that data increasingly is prized for numerous commercial ventures--even marketing, according to an article published by The Information Daily.

"Data attacks are increasingly being carried out to gain access to information, which can then be used--and re-used again and again--sometimes even for marketing purposes," David Gibson, vice president of data governance specialist Varonis Systems, tells Information Daily. His company calls healthcare data the "new oil"

The information can be partially and wholly replicated numerous times without the original owner's knowledge--and the new owner might be unaware of the content's origins, according to the article.

Indeed, 94 percent of healthcare organizations had at least one breach in the past two years, according to an infographic posted to backgroundcheck.org, citing information from a Ponemon report published in December.

The infographic notes that 21 million patients were the victims of a healthcare data breach during three years covered in a 2012 report from the U.S. Department of Health & Human Services Office for Civil Rights (OCR). An analysis of those breaches, however, revealed a decline in large-scale breaches and that 57 percent of them were linked to business associates, according to IT security audit firm Redspin. Not so coincidentally, the new HIPAA regulations cover business associates.

However, OCR head Leon Rodriguez recently pointed out that his agency found it could hack into hospital EHRs simply by sitting in the parking lot using a laptop.

Varonis' research, meanwhile, finds that nearly three-quarters of employees say they are allowed access company data from their personal devices. And 57 percent of employees believe that using a personal device for work could pose a security risk to them personally through potential leakage and misuse of confidential data.

Yet two-thirds of healthcare organizations lack a written mobile strategy, according to a poll of nearly 300 healthcare organizations by Amcom Software. A scary fact from that survey: 37 percent of the respondents said they had no plans to implement such a strategy in their organizations.

To learn more:
- find the article
- view the infographic

Related Articles:
Stakeholders must double up on EHR security
Chinese hackers targeting the healthcare industry
Fewer patients impacted by large-scale data breaches in 2012
Two-thirds of healthcare organizations lack a written mobile strategy
Healthcare system hackers usually after financial info
Business associates now liable for breaches