California released a pretty awesome data breach report last week. This report discusses the importance of increased security for all industries, but most importantly for healthcare, finance and retail industries. The report showed that of the 167 breaches reported in California in 2013, Healthcare represented 15%. Retail and Finance were the only two industries higher (keep in mind the fact that Target alone accounted for a ridiculous number of retail breaches, increasing their number).
Some of the most interesting findings were on the subject of the need for more data protection in the healthcare industry.
- 70% of healthcare breaches were the result of stolen or lost hardware or digital media containing unencrypted personal information
- 55% of healthcare breaches involved social security numbers
- Nearly 1/2 of data breaches in 2013 involved SSNs, making them most compromised data type in 2013
- 1.5 million records affected by healthcare breaches in 2013
- Avg. cost to victim is: $64 for credit card account, $170 for debit card, $222 for checking account & $289 for SSN
So how should the healthcare industry go about protecting “protected healthcare information?” Encryption.
Many of the healthcare breaches could have been prevented if the breached institutions had stronger encryption technology in place. Institutions must realize that if their security methods are not up to date with today’s security standards, then they must take action to decrease their chance of a breach.
Having weak encryption is one thing, but there is another major factor that is placing a bright red target sign on healthcare information. The devaluation of credit card information is another catalyst.
Chips cards and tokenization have increased in popularity over the years, making credit card data less attractive to cyber criminals. These chip-embedded cards are much more secure than the typical magnetic strips (the same ones used since the 1970s and most likely sitting in your wallet right now). The finance and retail industries are expected to be the first to adopt these technologies within the states. In fact the retail industry expects 505 million chips to be installed by 2015. These chips have proven to work in countries that have adopted them (80 countries world-wide). This again places the target on healthcare data, and healthcare institutions rarely have the budget to adopt new technology.
Cyber criminals mean business. They want healthcare data, and they want it now. If you are a healthcare institution, you MUST encrypt your data. Especially data in transit i.e laptops, emails and other forms of digital media. For healthcare institutions it’s either encrypt, or see yourself compromised.
Product Marketing Manager