According to a new report jointly produced by the Ponemon Institute and Merlin International, the medical/healthcare industry suffered nearly a quarter (23 percent) of all the data breaches that occurred in 2017. It gets worse. Those breaches exposed PHI and PII of more than five million individuals.
The reason for the shift away from credit card data to medical records comes down to profits. PHI and PII can often be sold on the Dark Web for ten times the amount that credit card information will bring. The hackers are simply obeying the laws of economics and going where the money is.
Brian Wells, the Director of Healthcare Strategy at Merlin International had this to say about the report:
“In an increasingly connected, digitally centric world, hackers have more opportunities and incentive than ever to target healthcare data, and the problem will only increase in scope over time.
Healthcare organizations must get even more serious about cyber security to protect themselves and their patients from losing access or control of the proprietary and personal information and systems the industry depends on to provide essential care.”
Worst of all, a shocking percentage of medical/healthcare companies don’t seem to be serious about cyber security at all. Although the average cost of a medical data breach is approximately four million dollars, a staggering 49 percent of companies in the industry don’t have an incident response plan of any kind. There’s no process in place to properly respond to an attack, or to mitigate the fallout if a breach occurs. These companies are sitting ducks.