ICFE eNEWS #16-18 - June 27th 2016
View this eNEWS online

Brookings Institution Study: Healthcare Single Most Prevalent Area for Data Breaches

By Yan Ross, Director of Special Projects, ICFE

According to a recent Brookings Institution study, healthcare data breaches are on the rise. Some 23 percent of all data breaches occur in healthcare and have impacted 155 million Americans in almost 1,500 breaches in the past six years.

Despite measures to promote greater public awareness, increased security measures, and rising government fines, the total number of breach victims tripled in the last two years alone. Part of this growth is attributable to the high per-record cost of loss for healthcare data breaches: $363, the highest of any industry in the survey, and the black-market value of this information.

The author, Niam Yaraghi, a fellow with Brookings' Center for Technology Innovation, interviewed 22 IT leaders within healthcare provider and insurance companies. Among his conclusions: healthcare data is more valuable than many other forms of personal identification because information such as birth dates, Social Security and insurance ID numbers don't change, and criminals can charge premium prices on the black market.

According to the study, the proliferation of sharing digitized personal health data among insurers and other providers contributes to the likelihood of breaches. It appears that federal health agencies encourage the sharing of electronic health records before providers and payers put adequate security measures in place, with particular concern about concentrating on cybersecurity issues.

According to the author, it's unrealistic to expect small community hospitals to devote the resources to combat well-funded and determined criminal organizations intent on breaching their data, particularly when large national banks, retail chains and even the federal government have been hacked. Nonetheless, "that should not prevent hospitals from keeping their systems updated and avoiding the kinds of human errors responsible for most data breaches," Yaraghi said.

He also pointed out that healthcare organizations can adopt better practices and policies to prevent lost laptops, misplaced hard drives and employees clicking on suspicious files hiding malware and spyware. His recommendations include healthcare organizations prioritizing patient privacy and protecting it. At the very least, healthcare firms should share information about data breaches and exchange best practices and lessons learned.

Two other points were emphasized by the author:
More information is posted online.

The ICFE's Certified Identity Theft Risk Management Specialist® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info

Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

ICFE eNEWS is available FREE upon request by visiting the ICFE's Web site and filling out the contact form, selecting "Yes" for "Add to Mailing List." Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

ICFE - Institute of Consumer Financial Education - ICFE.info - 619.239.1401