Dive Brief:
- A new report from Forrester says the healthcare industry is way behind when it comes to protecting Americans' data.
- Over the last 14 months, five healthcare breaches accounted for 77% of all breached records.
- Forrester also predicts that in 2016, hackers will release ransomware for a medical device or wearable.
Dive Insight:
Insurance companies, hospitals and doctors allocate an average of just 14% of their IT budgets to security, while other industries are investing upward of 20%, according to the report.
"When it comes to preparedness, they're woefully behind and that, to me, is the most concerning thing," said Forrester analyst Stephanie Balaouras. "They've done it begrudgingly and they've done it as something that they need to comply with at the lowest possible cost, as opposed to something they really embrace."
Innovations in health care and connected devices can also mean more ways cybercriminals can steal private data. And unlike credit card theft, which can be quickly resolved, medical identity theft can have long-term effects on individuals personally.
"Hackers are carefully picking their victim organization, learning its businesses, understanding its partner relationships, and testing for weaknesses and vulnerabilities," said Forrester. "To make a lot of money stealing and monetizing personally identifiable information, a cybercriminal organization will want to steal as many records as possible."
The Anthem breach exposed 80 million medical records, while the September 2014 attack on Premera Blue Cross breached 11 million customer records.
Forrester recommends that healthcare organizations adopt two-factor authentication for access to databases containing sensitive patient information, use behavioral analytics to identify suspicious behavior, and encrypt data.