Is the healthcare sector the next target in the UK for hackers to bring about a major data breach?
In the US over the past year there have been a number of high profile and costly data breaches, the largest of which was suffered by the health insurer , Anthem Inc where 80 million personal records were stolen, in addition to this there were four other known multi-million record data breaches in this sector. In the UK the number of data breaches so far have been small in comparison and have been limited to loss of laptops and USB’s causing minor data breaches.
According to the 2015 Global Ponemon Institute Study on data breaches there are signs of a significant increase in cyber attacks in the healthcare industry . The study identified that 91% of healthcare organizations have been subject to one data breach. Cyber attacks in this sector were also up by 125% from 2010 to 2015.
The healthcare sector in the UK data extends to many establishments , the foremost being hospitals , clinics, health insurers , care & retirement homes , universities and colleges.
So what types of data are stored by these bodies that would make them attractive to a hacker ?
Patient Information
- Medical records
- Test Records
- Appointment information
- Medical insurance details
- Credit card and bank card details
Employee Information
- National Insurance records
- Salary details
- Bank details
- e-mail addresses
- telephone numbers
In addition to this these bodies are likely to be dependent on third parties who may provide or store some of this data.
Where would a possible threat come from that might cause a data breach ?
Insider Threats
Employee negligence where as a result of an error causes a security failure or they carelessly leave a lap top on a train
Employee ignorance where inadvertent disposal of personal data occurs or perhaps a lack of training and awareness
A malicious employee who may be unhappy and wishes to cause disruption
Outsider Threats
Hacker attack which can take the form of many methods such as by the injection of malware into a computer system or the bringing a phishing attack.
Theft being caused as a result of social engineering tool to disguise e-mails that may lead to an extortion threat in an effort to release data.
Third party vendors who may have been breached themselves and caused a subsequent data breach to the primary entity.
Why are healthcare records being targeted by hackers?
- Healthcare records are worth 5 times more than the value of credit cards
- Credit cards can be cancelled
- The value of healthcare data can be utilized for a wider variety of purposes
What are the end use for healthcare records?
- Personal Identity Theft
- Financial Identity Theft
- Various forms of insurance fraud
- The falsifying of prescriptions
The Healthcare sector in general has a number of challenges including the management of on-going conversion from paper records to digital files and maintaining of computer security that constantly require updating to keep pace with the technology that hackers now possess.
Aside the threat of a data breach is the threat that more medical devices are connected to the network and the ensuing connection to IP networks which exposes devices to more cyber attacks. The “Internet of Things” is also a real threat to this sector and more so to patients where there is an ability to hack medical devices like insulin pumps or pacemakers.
Cyber liability insurance can play an important role to help mitigate a serious data breach and should be a important consideration by organizations in this industry. This sector is perceived to be in a high risk category by the insurance market and it is therefore an area that cyber security consultants can add considerable value here to help insurers assess the relative exposures and offer commensurate premium and terms.