Consumers might be worried about compromising their personal data when shopping after the recent massive data breaches at Target (TGT), Neiman Marcus and TJMaxx (TJX), but it turns out retailers aren’t the biggest risks. A new report cautions that the health-care and pharmaceutical industries are more at risk for data breaches than big retailers.
BitSight Technologies, a security ratings company, recently released its report asking “Will Healthcare Be the Next Retail?” analyzing the security performance of companies in the S&P 500. The report found that during 2013, 82% of these companies suffered security compromises, with cyber security in both health care and pharmaceutical sectors among the most vulnerable. The report focuses on signs that hackers have infiltrated computer systems within these sectors.
Calculating the total number of cyber-attacks in these industries is difficult, the report says, because victims rarely report breaches and may not even be aware one has happened.
Earlier this year, the Ponemeon Institution released a report that showed instances of criminal attacks on health-care and insurance companies has increased 100% since 2010. In 2014, 40% of these health-care organizations reported attacks on sensitive data.
Dean De Beer, co-founder and chief technology officer at ThreatGRID (/), a threat intelligence company which was recently acquired by Cisco (NASDAQ: CSCO), says the report shouldn’t come as a surprise, as many companies within the health-care sector are part of the BYOD or “bring your own device” trend.
“Hospitals are focusing on the most effective ways to provide health-care services--both inpatient and outpatient,” says De Beer. “It’s not the same as the banking industry, where they tell [customers] what computers you can use and what you can and can’t do with them. That’s why HIPPA was implemented.”
The average clean-up time for breaches in these sectors is 5.3 days, BitSight reports, and De Beer says that isn’t a terrible turnaround time.
When it comes to security versus productivity in the health-care and pharma industries, De Beer says productivity will always be top priority.
“Doctors may turn to wireless to be inter-connected,” he says. “And it can be very difficult to secure these environments. It’s not like a bank where you can lock things down—and banks fall victim to breaches all the time, as well.”
Medical records contain a lot of personal information and pave the way for fraudsters to commit insurance fraud, making it easier to monetize and harder to track, explains De Beer. Consumers need to stay aware, monitoring their credit and banking statements and also keeping in contact with their insurance providers, he recommends.
“Retail gets you volume, and what you will get in a breach is credit card information,” he says. “You aren’t going after anything else but that. You have to monetize those and turn them into a currency that can be laundered. With medical records and identities, those are full profiles of individuals.”