An article over at CIO compares health records to credit cards and, unfortunately, comes to a gloomy conclusion:
Health records are worth more and are easier to get
The value of health records
“Cyber criminals are now going after health care records because they hold up to ten times more value on the black market over simple credit card numbers,” said Carl Wright, general manager at San Mateo, Calif.-based TrapX.
What can stolen health records be used for?
Electronic health record information can be used for billing scams that go as high as the value of the health insurance policy, to purchase prescription drugs for resale on the black market, and also for run-of-the-mill identity theft.
Use 2-factor authentication
Many of the recent breaches involve compromised credentials and abuse of privileges. The attackers get access to a user account, then leverage that access to get into other accounts, until they find one that gets them to the data that they want.
A second authentication step can make a huge difference.
Like banks that send a text message to confirm unusual transactions, companies can also use out-of-band authentication.
Those extra five or ten seconds, while only slightly inconvenient, could have saved Premera, Anthem, and Target, said John Zurawski, vice president at Chicago-based Authentify Inc.
Health care sector under attack
“Multiple health insurers have recently detected breaches with similar tactics and timelines, indicating seriously elevated risk levels to health insurers and the healthcare sector generally,” confirmed Adam Meyer, chief security strategist at Sterling, VA-based SurfWatch Labs Inc. “I expect the healthcare industry to see increased attacks.”
Will the recent rash of healthcare-related breaches be the wake-up call that the industry needs? If it is not, then patients and healthcare organizations are in for a lot more breaches.
Understand a HIPAA / Meaningful Use
Organizations need to perform a Risk Assessment to determine the likelihood of risks and what additional security measures should be put in place to protect patient information.