Sensitive health data is being increasingly targeted by hackers just when health and fitness wearables – like the one on your wrist now – are exponentially increasing the pool of data for the stealing.
As reported by eWeek.com, a new study by U.S. law firm BakerHostetler revealed that hacking has over taken human error as the leading cause of security incidents. The report analyzed data from over 300 data security incidents the firm advised on.
Malware, phishing and hacking incidents comprised 31% of data security incidents in 2015, replacing human error as the top incident cause. And the leading industry targeted was healthcare (23%), followed by financial services (18%) and education (16%).
“Health care organizations are in the business of taking care of patients or supporting patient care in some fashion,” said Lynn Sessions, privacy and data protection partner with BakerHostetler. “They have not traditionally needed the level of data security that is required today. You also hear about more health care breaches because HIPAA (Health Insurance Portability and Accountability Act) requires notification, and media release with a low threshold.”
Market continues to grow as security a second thought
With the rapid proliferation of health and fitness wearables comes the generation of an exponentially increasing amount of health-related data. Simultaneously, concerns are increasing that current data management and security among both private and public organizations are woefully ill-prepared to defend private data from hackers increasingly targeting sensitive personal health information.
“Health care providers and health plans have a gold mine of information that criminals can monetize – such as SSNs, health insurance information, and general health information,” she said. “There has been a lag with the implementation of the HIPAA security rule in 2005 and the enforcement that came along with HITECH (Health Information Technology for Economic and Clinical Health Act) in 2009.”
“The most concerning finding was to see that hacking/phishing/malware was the leading cause of incidents last year, especially the increase we saw in health care incidents,” Sessions said. “We could feel the tide begin to turn in 2014, which continued into 2015. However, with the number of incidents we handle, it was surprising to see that was the leading cause.”