Data security should be a major concern to the Healthcare industry in Nigeria, the fact that we have not been hit by a major data breach in this part of the world should be a topic for discussion on how important we hold healthcare data in Nigeria.
Globally more than 750 data breaches occurred in 2015, the top seven of which opened over 193 million personal records to fraud and identity theft. The top three breaches of data security were from the healthcare industry.
The largest healthcare breach ever recorded was that of the health insurance company, Anthem. The breach exposed the personal records — including names, birth dates, Social Security numbers, home addresses and other personal info — of 78.8 million current and former members and employees of Anthem.
Other major healthcare cyber attacks and data breaches include Excellus BlueCross BlueShield and Premera Blue Cross. These breaches alone exposed the information of more than 21 million members.
The attacks didn’t stop in 2015. In June 2016 alone, more than 11 million healthcare records were exposed because of cyber attacks. According to a new survey conducted by Ponemon, the private research institute, the average cost to healthcare organizations per record breached is $355, compared to $158 per lost or stolen record in other industries. The average total cost of a data breach for the 383 companies who participated in the Ponemon research was $4 million. Looking at these numbers, it is obvious that cyber and data security is a major concern for healthcare.
With all these data breaches happening around the world, it is easy to say none happened in the healthcare sector in Nigeria partly because most of our data are still not digitized, but with the digital transformation sweeping every sector of the economy and recent adoption of the electronic medical records (EMR) by hospitals it is pertinent that the healthcare sector should hold data security in high esteem. However, there are different reasons why premium priority should be placed of the security of healthcare data.
The Sensitivity & Continuous Usability of Healthcare Data
Stolen healthcare data fetch a smaller price than stolen financial records, so the motivations behind stealing and selling bulk medical data are unclear. However, according to a “Health Warning” report by the Intel Security McAfee Labs, cybercriminals are putting more time and resources into exploiting and monetizing healthcare data.
Financial data can quickly become unusable after being stolen because people can quickly change their credit card numbers. But medical data are not perishable, which makes them particularly valuable. Some in the medical industry speculate that medical data could grow to rival or surpass financial data in value on the black market, but research by Intel Security in 2016 has shown that this is not yet the case. So far, the most valuable data targeted by cybercriminals are pharmaceutical and biotech intellectual property.
Understanding and Combating the Threat
The healthcare industry is comparatively unprepared when it comes to data security. Confronting the problem involves not only understanding the threat, but being proactive with combating it, which means not only solving old problems but racing to protect against new ones.
According to the HIPAA journal, 91 percent of cyber attacks come from phishing emails. Often phishing emails are personalized — they may come from somebody who is ostensibly a business associate, with an urgent subject line and an attached document that allows a virus infection. People with large workloads are more likely to blindly click on these emails In order to remedy this problem, proper training is required for maximal computer literacy. In other words, the key to dramatically reducing security breaches could simply be a matter of designing, implementing and testing proper data security training.
But for the attacks that are more sophisticated in exploiting existing data vulnerabilities in healthcare, new forward-thinking techniques for protecting medical data are necessary. Health care institutions, business associates, and health care technology purveyors all need to keep lines of communication constantly open in order to keep abreast of evolving security risks and their solutions.
The risks and costs associated with healthcare data security breaches are too high, and the confidential, personal health data of millions are at risk. This makes data security health care’s biggest concern today, and a problem for which innovation and communication are of the utmost importance.
With healthcare data security solutions the risk of data breaches can be minimized.