Cyberattackers’ interest in healthcare organizations continues to increase. In 2018, there were 284 breaches reported on the US Department of Health and Human Services (HHS) breach portal and 27 so far in 2019. According to InfoSec Institute, “nearly 95 percent of all medical and health care institutions have been victims of some form of cyberattack.”
Most people think of healthcare and cyber-risk as related to the compromise of sensitive patient data. This is true, and it’s also a fact that healthcare data is valued significantly higher than credit card data. Stolen health credentials can go for $10 each, about 10 or 20 times the value of a US credit card number. Protecting this data is critical, and this is at the core of the long-standing Health Insurance Portability and Accountability Act (HIPAA) regulations, including the HIPAA Security Rule.
A high percentage of healthcare organizations successfully check the HIPAA compliance box. However, it’s unhealthy to confuse being HIPAA compliant with being secure, especially as healthcare cyber threats today are broadening beyond data theft.