Guest post by Alex Horan, senior product manager at CORE Security.
In 2012 we saw an increasing number of health breaches across the country, and across continents. We saw an employee’s lost laptop turn into a breach of more than 2,000 sensitive medical records of Boston Children’s Hospital patients. We heard how one weak password allowed a hacker to access the Utah Department of Technology Services’ server and steal approximately 780,000 patients’ health and personal information. We even read about Russian hackers encrypting thousands of patient health records and holding the information for ransom for thousands of dollars.
Healthcare fraud or medical identity theft puts both individuals and healthcare organizations at severe risk. Since 2010, Ponemon Institute has annually benchmarked the evolving issues of patient privacy and security. The third annual study, released in December 2012, found that healthcare organizations still face an uphill battle in their efforts to stop and reduce the loss or theft of protected health information (PHI) and patient records. What’s more, data breaches can have severe economic consequences, and the costs are only climbing. The study estimates the average price tag for dealing with breaches has increased from $2.1 million in 2010 to $2.4 million in 2012. The report projects that the economic impact of continuous breaches and medical identity theft could be as high as $7 billion annually for the healthcare industry alone.