What Is A Medical Breach, and Are Your Records In Danger?

The team at HealthLock is dedicated to helping you maintain your medical security. In some cases, that means helping you learn more about the vulnerabilities in the healthcare system, and how those vulnerabilities put your medical data at risk.

Today, we’re going to discuss something you have likely seen discussed on the news, or perhaps experienced for yourself in the shape of a letter from your healthcare provider: medical breaches. They’re happening more often, and those who commit them are often emboldened by the slow response from authorities.

But what is a medical breach? Why are they seemingly so easy to commit?

Let’s discuss.

What qualifies as a medical breach?

For our purposes, a “breach” is defined as an exposure and compromise of at least 500 individual medical files.

In September of 2021 alone, healthcare facilities saw a 23.7% uptick in month-over-month cyberattacks. But this isn’t the only kind of medical breach out there. Generally, when we write about medical breaches, we’re referring to one of the following:

Hackers are one group that can compromise your medical data, but they aren’t the only ones.
  • Someone who works in the facility who exposes patient data, whether it’s intentional or accidental. Because so many facilities don’t properly train their staff in security measures, it’s dishearteningly easy for the latter to occur.
  • Missing medical devices and facility equipment like laptops, tablets, or cellphones that allow whoever finds them to access the medical network. 
  • Malware or ransomware that can steal login information and/or hijack networks. The people behind them may be criminal gangs who intend to sell whatever they obtain on the black market, or they may be nation-states looking to cause chaos and undermine our structures.

While the first two types can and do occur, most of the headlines you see about data breaches center on cyberattacks.

Why are medical breaches happening more often?

Medical information (usually called Personal Health Information, or PHI) is much more valuable than financial information. It’s also often much harder for the average person to find out that their medical data has been stolen, which makes it even more appealing to criminals. 

That critical information is often not stored behind layers of comprehensive security. While some healthcare facilities do an excellent job of protecting patient data, healthcare infrastructure as a whole is often patched together and difficult to harden against attacks. 

In addition, the sheer number of devices that can tap into healthcare networks (whether they’re medical devices like MRI machines or laptops) has continued to increase, meaning facility IT professionals have far more territory to guard and bad actors have many more access points to attack.

What are the consequences of cyberattacks?

The sprawling healthcare infrastructure leads to IT professionals who are stretched thin.

Medical breaches appear to be occurring more and more frequently. In 2018, there were 368 recorded breaches, which jumped to 512 in 2019 and 642 in 2020. The numbers from 2021 were equally disheartening, with 686 such breaches.

It’s an unfortunate fact that we have a long way to go in strengthening our healthcare infrastructure and giving our IT professionals the tools they need to repel cyberattacks. But one thing remains clear: if someone purchases and uses your medical records, those transactions will show up in Explanations of Benefits or medical bills. That’s where HealthLock comes in: our powerful AI can monitor your medical transactions, giving you a heads-up when something is amiss.