Daily Management Review

A detailed insight into causes for health care data breaches


Fundamental and ethical hacking have been the primary go-to methods in order to attain personal data and information. With a stage of advanced learning perfectly set up, the ordeal seems to have gotten easier.

For the first time, according to recent studies it has been found that criminal and state sponsored hacks have surpassed human error as the leading cause for health-care data breaches. It has been also found that it could be costing the industry as much as $6 billion.

With an average organization cost spiking up to $2.1 million per breach, the results of the study raises the question: How do you define human error?

More than half of the respondents at the Ponemom Institutes Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data had to say that their organization’s incident response team was underfunded or rather understaffed.
According to them roughly one third of respondents had no incident response plan in place at all, a fact that seems to beggar the imagination at the moment when breaches seem to have become the third certainty of life. It also highlights the seeming no show of the “first do no harm” patients on the data-breach prone operations.
While the ordeal is disconcerting as there isn’t a more robust incident response culture out there, perhaps a more concerning aspect is the lack of best practices pointed at heading off the problem before it happens. That is indeed where a new term comes into play.

Wetware can be defined as a term of art that is used by hackers to describe a non-firmware, hardware or software approach for getting the information that they want to pilfer, in other words, people. (As the human body is 60% water.)

Wetware intrusions take place when a potential hacker exploits employee trust, predictable behavior or in case of failure to follow security protocols. It could be a crooked employee on the take or it could also be a file found in the Dumpster diving.

The findings of the Ponemon Institute’s study point towards the definite need of a better wetware precaution when it comes to the issue of a better security for healthcare records. Amazingly nearly 40% of the health organizations in the study reported more than 5 breaches in the past two years.

According to detailed analysis, since the beginning of 2010, “the percentage of respondents who said their organization had multiple breaches increased from 60% to 79%.” Also by no means inconsequential is the fact that medical identity theft (an imposter uses a victim’s credentials to obtain health care) nearly doubled in the past 5 years from 1.4 million to more than 2.3 million in 2014.

The breaches comprising these figures were not all the size or severity of Anthem or Premera which combined seems to have leaked extremely sensitive and personally identifiable information which includes the likes of Social Security Number, birth dates and bank account numbers of more than 91 million consumers.

While the $2.1 million average cost incurred to health care organizations is eye-catching, it is reported to have also included incidents with an average of 2700 lost or stolen records, a figure that seemingly runs the gamut from Anthem and Premera to breaches presumably on the smaller side. 
As Larry Ponemon rightly pointed out in an interview with Dark Reading, while many of the incidents involved the exposure of “less than 100 records,” that in no way trivializes those events.
He also stated “Many medical identity theft victims report they have spent an average of $13,500 to restore their credit, reimburse their health care provider for fraudulent claims and correct inaccuracies in their health records.” This was exclusively framed after a detailed study on the former topic.
With 91% of the health companies responding to the study’s questions reported at least one incident in the preceding two years. However it is clear that whatever we have been doing to address the health care breach problem is woefully inadequate and at the same time insufficient as well. In addition to that it is also clear that the problem is wetware.
When the practicing organizations in the study were asked about what was worrying them the most (with three responses permitted), astoundingly 70% said that the biggest concern was a negligent or rather a careless employee.

In addition to that this figure was followed by nearly 40% of respondents who thought that cyber attackers were the larger reason for concern and that nearly 33% were worried about the security of the public cloud servers. The respondents were also found citing insecure mobile apps (13%) and insecure medical devices (6%).

Reports suggest that nearly 96% of respondents said that they had a security incident involving lost or stolen devices. The fact that cyber attacks are the leading cause of breaches should keep you up at night, but an even more terrifying fact here is that many of these attacks would not have been possible were it not for the human factor.

It can be assumed that there is plenty of overlap between the proactive criminal and the clumsy employee in order to make these figures start to seem like much of digital rain much like in “The Matrix”.
Nowadays smartphones and tablets seem to be on the list of most compromised or stolen assets. Earlier on the data breach seemed to be pandemic and the ordeal was limited to the then sophisticated gadgets like laptop, computer and desktop which were on top of the list back then.

While it may seem interesting on some level as to how the information seems to get relatively compromised, one needs to accept the fact that at the end of the day a breach is a breach.

The bottom line here is that hackers of all genres are having a field day because of the fact that the wetware problem has been largely unaddressed. One can certainly speculate that this scenario of data breaching is likely to be persistent until people become the alpha and omega of the peocess leading to zero tolerance solution.


Science & Technology

Israel Completes Mars Habitat Simulation Experiment

Just $24 Earned By Hackers From The Huge Cryptojacking Campaign Conducted Last Week

New Molecule That Quickly Fights Cancer Cells Identified By Swedish Scientists

The U.K.’s Health Sector To Integrate Israeli ‘Digital Health’ Technology

Cryptocurrency Mining Malware Infects Government Websites In Multiple Countries All Across The World

New Research Into Space Settlement And Space Habitation Will Be Supported By Seed Grants Launched By UAE

NASA Confirms Mystery Satellite To Be Its IMAGE Satellite

Facebook To Put A Ban On Cryptocurrencies Ads

Study Show An Early Sign For Alzheimer's Is Sleep Disruption

Malicious ads on YouTube were used to mine cryptocurrency with viewers’ CPU

World Politics

World & Politics

Australia To Welcome Britain On The Latter’s Interest In Joining TPP

South African President Zuma Finally Resigns, New President To Be Elected Soon

13 countries with the best healthcare system

France is coming closer to Iran

India-Russia Develops Supersonic Missile Which Could Raise Concerns In China

Yet another serious political risk for Europe: Italian elections coming soon

Seven Weeks Time Period , Says Theresa May, For Agreement On Brexit Transition Deal

Germany on the brink of political chaos