Virtua Medical Group of South Jersey recently agreed to pay almost $418,000 as part of a settlement involving a breach of more than 1,600 medical patient files. These patient records became viewable online due to a server misconfiguration by a third-party vendor.
Healthcare is a heavily regulated industry, and its data breach costs are consistently among the highest across industries. Last year, the average cost of a stolen healthcare record was $380, compared to an average cost of $141 per record for all industries. When you consider that thousands of records are often stolen at a given time, the impact of these breaches on organizations is significant.
Why is the Healthcare Industry such a Target?
- They have personal information that could be used for traditional financial fraud — things like your name, social security number, and payment information.
- They have health insurance information, which can be sold for even more on online black markets because it can be used to commit medical fraud — things like obtaining free medical care or purchasing expensive medical equipment.
- Knowing valuable data is at stake, healthcare companies are often willing to pay the costs associated with ransomware. Hackers are aware of this and capitalize on the opportunity.
What Can Be Done?
- Patch PCs and servers early and often. Many healthcare data breaches in 2017 could have been prevented had patches been applied promptly.
- Choose a secure password. Many data breaches resulted from employees leaving unencrypted laptops in unattended or risky locations.
- Provide security awareness training. Phishing remains one of the primary ways malicious actors gain access to protected health information, yet security awareness training is still not being provided frequently. As a result, employees continue to fall for phishing and social engineering scams.