By now, nobody should need convincing of the need to secure data in motion. Whilst we’re the first to admit that not all data is sensitive, we also recognise that much of it has inherent value; not just to the owners of the data, but to any cyber-criminal who may be seeking to exploit it.
Nowhere is this more evident than in the field of healthcare data. The healthcare industry has consistently suffered more breaches of unencrypted data than any other over the past five years. In 2017, 491 breach incidents accounted for over 33 million lost or stolen records (Source: Gemalto Breach Level Index).
Another day, another data breach
According to the HIPAA Journal, the number of reported healthcare breaches has grown steadily over the past decade, from 200 in 2010 to 359 in 2017, which means that healthcare data breaches are being reported at a rate of one a day.
Healthcare data breaches tend to make the headlines because of the potentially sensitive or emotive nature of the information held. The three biggest breaches in recent years – those suffered by Anthem, Premera Blue Cross and Excellus Health Plan in 2015 – were all the result of hackers/IT incidents and accounted for over 100 million stolen records.
Although medical data in and of itself may not have significant commercial value to a would-be hacker, it could provide a strong foundation for a more lucrative program of social engineering. The sensitive nature of data contained within an individual’s medical history could threaten the status of both personal and business relationships, exposing the data subject to potential extortion. It is surprising, then, that more care is not given to the security of healthcare data.
If you were hoping that emerging cyber-security legislation was going to staunch the flow of data breaches, you were wrong. In Australia, for example, in the first full quarter since the introduction of the mandatory breach notification scheme, 242 breaches were reported.
In the US, HealthIT Security reported that data released in the Protenus Breach Barometer indicates over 1 million patient records were compromised in 110 breach incidents in the first quarter of 2018 alone.
Unauthorised access or hacking accounts for a significant majority of compromised records, though there are some notable exceptions. Take the recent incident in New South Wales, for instance, where over 1000 patient records were found in a derelict building. IT security professionals who are focussed on preventing systems access would do well to remember the security of physical records too.
Securing the breach
These statistics go to prove one thing: prevention technologies alone are not enough to prevent data breaches. In the event of a breach, the only way to ensure the security of the data is to use strong and effective data encryption.
Whether you are looking to secure core IT infrastructure, or large-scale wide-area networks featuring thousands of connected IoT devices, encryption should be an integral part of your cyber-security strategy. If your teams are emailing sensitive patient records or using popular Box-type cloud applications for file sharing, then they are introducing unnecessary risk.
Senetas has a history of providing high-assurance encryption solutions to the healthcare industry, whether it’s securing patient records in the Cloud, or preserving the integrity of high-definition CCTV streams for patient monitoring.