What's Fueling the Surge in Health Data Breaches?Analysis of the Findings of Latest Ponemon Benchmark Study
Breaches in the healthcare sector are continuing to surge, in part, because cybercriminals are building big data resources that can be used to fuel fraud. That's one of the conclusions drawn from the new report, "Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data."
In an in-depth audio interview with Information Security Media Group (see player below photos), Larry Ponemon, chairman of the Ponemon Institute, a research organization that conducted the study, and Rick Kam, president of ID Experts, the report's sponsor, analyze the implications of the survey's findings.
Nearly 90 percent of healthcare organizations that participated in the study said they had experienced a data breach in the past two years, and 45 percent said they had more than five data breaches in that period. The report estimates that data breaches could cost the healthcare industry $6.2 billion annually.
"When we first started doing this survey six years ago, the negligent or careless employee was the ... most significant threat. Now it's the criminal," Ponemon says.
In its analysis, Ponemon's research organization "looked at root causes of the data breaches, and the actors committing the crimes, he says. "It could be a malicious insider - someone selling a record for $5 apiece - and it's a second source of income for them and they don't understand the harm or the damage that causes. But it could also be external hackers who try to get into these systems and exfiltrate large amounts of data. It's not just one actor, it's many different kinds of crimes and criminal activity. The goal is to steal the high-value information and monetize it."
Hackers responsible for the growing number of health data breaches "now have access to big data ... databases, data mining and data analytics tools," Kam notes. "This combination creates a higher level of risk to consumers. By combining various data elements from breaches, cybercriminals "now have a much clearer picture of how to compromise an individual's identity," he says.
In the interview, Ponemon and Kam also discuss:
- Other findings from the study, including ransomware attack trends;
- Identity theft and fraud trends resulting from health data breaches;
- Emerging privacy, security and safety risks posed by mobile applications, medical devices and the Internet of Things.
Ponemon is chairman and founder of the Ponemon Institute, a research firm focused studying privacy and data protection issues. He also an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute.
Kam is president and co-founder of ID Experts, a provider of data breach response services. He also leads and participates in several cross-industry data privacy groups, including the PHI Protection Network and the Medical Identity Fraud Alliance.