By Idan Udi Edry, CEO, Trustifi.
Physician-staffing firm, EmCare, became the latest of several victims within the healthcare industry of an email phishing scam, as an unidentified hacker recently gained access to the accounts of multiple EmCare employees. The fallout was devastating: 60,000 people–more than half of which were patients–saw their personal information, such as names, birthdates, private clinical data and even Social Security numbers become compromised.
Company officials at EmCare have declined to provide specifics on when they first became aware of the email breach but offered that their focus going forward will be centered on “… providing impacted individuals information about the incident and guidance on how they can protect themselves.”
An alarming trend
The recent EmCare email breach is not an isolated incident within the healthcare industry. In fact, healthcare has become the most vulnerable industry for such incidents as the number of email data breaches in the last two years has witnessed a bigger increase in healthcare than in any other industry.
A recent article published on ModernHealthcare.com shows that the number of reported healthcare email breaches doubled between 2016 and 2017. While the number of incidents plateaued in 2018, the number of individual healthcare records that were exposed doubled from last year.
So why have healthcare providers become such a popular target among phishing hackers? While the financial industry is obviously “where the money’s at,” financial institutions have made it very easy for their customers to cancel and replace a stolen credit card. But you can’t just cancel and replace your social security number or other private information, and nowhere is such data more readily available to hackers than in healthcare records.
When you purchase a car, no one asks you if you’re going to get car insurance. It’s assumed that you will because it’s of vital importance. Yet for some reason, the same logic doesn’t apply to email security. Even for healthcare providers whose databases contain private information that if compromised, could place their patients in dire circumstances.