According to the Experian report, “2014 Data Breach Industry Forecast,” healthcare will be a hotbed of consumer data breaches in 2014.
Why will healthcare, as an industry, be so susceptible to such publicly disclosed and widely scrutinized breaches?
- Sheer size. In 2013 Americans spent more than $9,210 per capita on healthcare.
- Expanded “attack surface.” 1.1 million Americans have enrolled through the exchange since it opened in October 2013.
- Tightened rules. The industry will feel the full force of tightened rules concerning HIPAA and protecting health information and disclosing breaches. The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health information, and strengthens the government’s ability to enforce the law.
Michael Bruemmer, the author of the Experian report, claims the web infrastructure to support health insurance reform was “put together too quickly and haphazardly.” These sites have largely been unable to keep up with consumer demand. Organizational infrastructure behind the implementation of Obamacare is complex, meaning many parties have access to the personal data. Bruemmer continues, “So we have volume issues, security issues, multiple data handling points – all generally not good things for protecting protected health information and personal identity.”
With the massive shift occurring in healthcare, many participants in the industry don’t view themselves as being in the data management business (think of your local physician’s office). While they do not intend to compromise patient information, they may not be adequately prepared to protect against the overwhelming threats that exist. In many cases, data breaches can be blamed more on lost laptops, failure to shred paper records and employee error than on advanced hacking techniques.
Health data is valuable, and the threat of breaches will continue to increase. Records suitable for identity theft jump in value when enriched with health data, because that data can be used for medical and insurance fraud. The best defense is always a superior offense, and ensuring you have a plan in place is half the battle.
What does BASIC do to ensure clients’ data is protected? Across all products and services we use advanced technology and, where appropriate, bank-level encryption that goes above industry standards. We hold ourselves to the highest standard with annual third-party assessments to ensure the integrity of our systems.