Healthcare continues to see staggering growth in breaches of patient health information. In the first half of 2019 alone, 32 million health records were breached, compared to 15 million records in the entire year of 2018. This trend of growing cyber breaches in healthcare is likely to persist due to the following characteristics of the healthcare industry:

  • Healthcare organizations have a treasure trove of highly sensitive patient health information. Information such as date of birth, Social Security number, credit card data, insurance information and medical records commands a high price on the dark web.
  • To facilitate efficient delivery of care, there is a proclivity for sharing this highly sensitive data within the healthcare industry. This data sharing broadens the threat landscape.
  • The healthcare industry invests 4% – 7% of revenue on cybersecurity initiatives. By comparison, the financial industry — with less valuable data — invests 15% of revenue on cybersecurity initiatives.

While hackers continue to be a significant instigator of cyber breaches, according to the Verizon Data Breach Investigation Report (DBIR), insiders are the main source of cyber breaches in healthcare: 59% of healthcare breaches in 2018 were due to insiders, compared to 42% due to external actors. Not only are patient health records such as insurance member IDs and Social Security numbers at risk due to insider threat, but medical imaging records are also jeopardized.

Medical imaging is a critical aspect of the delivery of patient care. Imaging records are now digitized and often stored on picture archiving and communication systems (PACS), which enable the sharing of medical images to facilitate the delivery of care. However, cybersecurity measures to protect patient health information are often not implemented.

A recent report by ProPublica showed that medical imaging data of over 5 million patients in the United States are publicly