From USA Today this week: “A staggering 4.07 million health-care records have been breached so far this year — about four times the amount in 2007, according to researcher DataLoss DB.” In other words, this is a big growth area for cybercrime!
“Hospitals keep records of patients for everything: financial, Social Security, credit, medical records,” says Reed Henry, senior vice president of marketing at security firm ArcSight, which helped collect the data.
Medical information is worth money! Often taken by internal workers who may or may not be cooperating with outside organizations – a recent report points to a former employee at the UCLA Medical Center who pleaded guilty after trying to sell Britney Spears medical records to the National Enquirer.
These are great sound bite for those working with medical organizations. Especially smaller organizations who may not have made the investments needed to secure this type of data. While HIPAA regulations require various levels of protection, passing the audit does not ensure data security. Notice once again, hacking through the firewall was not an issue for this guy from UCLA, he simply accessed tapes from inside the facility.