[BreachExchange] The Impact of Healthcare Data Breaches on Florida Patients

Destry Winant destry at riskbasedsecurity.com
Mon Dec 9 10:03:22 EST 2019


Doctor! Doctor!


Journalists at NBC’s WESH reached out to us following the release of
our latest DataBreach QuickView Report to learn more about our
findings regarding data breaches in the Healthcare industry. You can
watch the story here.

Here’s what we found:

Within the last ten years, there have been 1,461 data breaches
affecting Florida-based Healthcare organizations.
159 million patients have been affected by these breaches.
In 71% of these cases, personal or financial data was accessed.

The Data Breach Landscape

159 million is a big number, but it is nowhere near the total number of
records exposed. As of Q3, 7.9 billion records have been exposed
worldwide and our data suggests we are on track to reach 8.5 billion
by the end of this year.

According to our research, of the organizations that could be
definitively classified, medical service providers are the most
compromised economic sector.

Valuable Personal Information at Risk

It’s unsettling that medical service providers are being targeted by
malicious actors. If you think about it, is there anyone who knows
more about you than your doctor? Hospitals and related
organizations contain a treasure trove of information that other
businesses don’t collect. This includes your medical history;
healthcare organizations also have your financial records, name, Social
Security number, and in some cases, your biometrics.

The Healthcare industry doesn’t have a good track record in
safeguarding data. In our Mid-Year Data Breach QuickView report
(included when you request our latest edition) we researched the
ramifications of the compromise at American Medical Collection Agency
(AMCA). The fallout was substantial. Hackers infiltrated AMCA’s
network and pilfered over 22 million debtors’ records. Names,
addresses, dates of birth, Social Security numbers and financial
details were taken. Even if the hackers choose not to use the
information for fraud, it’s just the type of data that can be
leveraged for phishing schemes.

If you have ever experienced a case of identity theft, you know how
difficult and time-consuming it is to rectify the mess that ensues. If
you haven’t, you can imagine the impact of a malicious person taking
your credit card. Sure, you can get a new card. But what about your
DNA profile? You can’t get a new body (at least not yet).

Hold Them Accountable

What can customers do about the situation? As Jake said in his
interview, we need to hold medical providers accountable for the data
they store. If a breach occurs within a network you’ve used, demand
details of the breach and how it affects you. Ask your medical
providers why they need the personal information they are asking for,
how it will be stored and who will have access to it. Request a copy
of your medical files to see what they have and find out where they’re
being shared. There are too many instances where organizations do
not take the proper steps in protecting or disposing of medical

What You Can Do as an Organization

Regardless of industry, all organizations should take steps in
safeguarding sensitive data. In order to better protect data,
organizations need actionable threat intelligence about data breaches
and leaked credentials. Our product, Cyber Risk Analytics (CRA), is
the standard for data breach intelligence, risk ratings and supply
chain monitoring.

With our PreBreach Risk Ratings, CRA provides a deep dive into the
metrics driving cyber exposures, as well as understanding the digital
hygiene of an organization and predicting the likelihood of a future

The integration of CRA into security and underwriting processes,
vendor management programs, and risk management tools allows
organizations to avoid costly risk assessments, while enabling
businesses to act quickly and appropriately to proactively protect their
most critical information assets.

We’d love to show you how Cyber Risk Analytics can help you protect
your data and customers.
