With healthcare data breaches constantly making headlines, it is still shocking to learn that a recent cyberattack has been recognized as the most significant incident of its kind in the history of the U.S. healthcare system.
The intruders disrupted operations and exfiltrated up to 4TB of data, including personal information, payment details, insurance records and other sensitive information. This led to a ransomware payment of $22 million. The attack places the survival of many healthcare practices at risk due to delays in patient care and reimbursement. – Security Intelligence
The breached healthcare company maintains the medical records of nearly one-third of patients in the United States – representing 15 billion transactions and $1.5 trillion in healthcare claims annually – and the damage to finances and patient care caused by the breach is immense. The attack forced the company to shut down its network, halted patient care and hit pharmacies, delaying critical prescriptions across the U.S.
Total damages could reach an unprecedented $1 billion, with potential costs of more than $2 billion to help healthcare providers who have been affected by the cyberattack. Additional fees could include legal fees, class action lawsuits from providers, delays in reimbursement, and additional medical expenses due to delays in patient care. – Security Intelligence
Now that their network has been infiltrated, the company could be easy prey to additional attacks. A second ransomware group has reportedly attempted to extort the company, and only time will tell if the threats add to the list of damages.
Data Breaches – A Crippling Threat
Criminals are constantly looking for weaknesses, so it’s no surprise that malicious attacks were the most reported root cause of healthcare data breaches, at 56% for 2023 (IBM). Moving into 2024, the attacks keep coming, with 222 reported data breaches in the first quarter, an increase of 41% from last year.
Because of the vast amounts of valuable PHI, PII and payment data being processed by hospitals, clinics and healthcare organizations, healthcare will continue to be a preferred target for hackers.
There are so many more data breaches in the healthcare sector than in other sectors because healthcare data is more valuable on the black market than any other type of data. This is because it takes longer for healthcare fraud to be discovered and stolen data can be used for longer compared to (for example) a stolen credit card, which can be stopped as soon as the breach is discovered. – HIPAA Journal
Last year, the average cost of a data breach for healthcare reached an all-time high of $10.93 – compared to the global cost of a data breach at $4.45 – and healthcare reported the highest costs for the 13th year in a row. – IBM
Solutions to Safeguard Data – Encryption and Tokenization
With healthcare breaches on the rise, how do healthcare organizations stop cyber-attacks and safeguard sensitive data in the process?
Under HIPAA (the Health Insurance Portability and Accountability Act), data encryption is the most recommended security measure for healthcare organizations to secure PHI and PII while meeting HIPAA’s strict compliance requirements. Encryption protects sensitive customer data and financial transactions from unauthorized access, tampering and theft by using an algorithm and a key to make the data unreadable to anyone who does not hold that key.
Healthcare organizations can mitigate data breaches using various methods. The most effective is to encrypt protected health information to render it unusable, unreadable, or indecipherable in the event of a data breach attack. This will ensure data is not compromised and the attack will not have to be reported to the Office for Civil Rights. – HIPAA Journal
As the healthcare sector continues to digitize, tokenization has become an important solution for securing sensitive patient health data and protecting patient privacy. Like encryption, tokenization lets organizations store and transmit sensitive data – medical records, PII and card payment data – safely, safeguarding the data in the event of a breach. Tokenization replaces each sensitive value with a random, meaningless value, or ‘token’, that reveals nothing about the original data; the real value is held only in a separate, tightly controlled store, so systems that hold only tokens no longer hold PHI or PII.
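The tokenization pattern described above, as an added illustration that is not Bluefin’s code and does not describe how ShieldConex works (ShieldConex is vaultless; this sketch uses a simple in-memory vault so the separation is easy to see): sensitive fields of a constructed patient record are swapped for random tokens, the copy the application stores contains no PHI or PII, and reversing a token is a privileged vault operation. The field names, sample record and `billing-service` role are assumptions.

```python
import secrets

# Constructed sample: field names a clinic's billing system might hold.
# These names, and the role allowed to reverse tokens, are assumptions.
SENSITIVE_FIELDS = ("patient_name", "insurance_id", "card_number")
DETOKENIZE_ROLES = {"billing-service"}


class TokenVault:
    """Vault tokenizer: sensitive values are swapped for random tokens and the
    real values live only inside the vault, outside the application database."""

    def __init__(self):
        self._by_token = {}  # token -> real value
        self._by_value = {}  # real value -> token, so a repeat value reuses its token

    def tokenize(self, value):
        if value not in self._by_value:
            # Random token: nothing about the original value can be derived from it.
            token = "tok_" + secrets.token_hex(16)
            self._by_token[token] = value
            self._by_value[value] = token
        return self._by_value[value]

    def detokenize(self, token, role):
        # Reversal is a privileged vault operation, not something the app DB can do.
        if role not in DETOKENIZE_ROLES:
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._by_token[token]


def tokenize_record(record, vault):
    """Return the record the application may store: PHI/PII replaced by tokens."""
    return {k: vault.tokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


def exposed_values(stored, original):
    """Sensitive values from the original that still appear in what was stored.
    An empty list means a dump of the application store yields no PHI/PII."""
    stored_text = " ".join(str(v) for v in stored.values())
    return [v for k, v in original.items()
            if k in SENSITIVE_FIELDS and v in stored_text]


if __name__ == "__main__":
    vault = TokenVault()
    rec = {"patient_name": "Jane Example", "insurance_id": "INS-000-123",
           "card_number": "4111111111111111", "visit_code": "99213"}
    stored = tokenize_record(rec, vault)
    print(stored, exposed_values(stored, rec))
    print(vault.detokenize(stored["card_number"], "billing-service"))
```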
With encryption and tokenization solutions in place, sensitive PHI and PII data are safeguarded and rendered useless to hackers in the event of a data breach, with additional benefits that:
- Ensure the integrity of patient information
- Prevent unauthorized modifications to sensitive data
- Foster trust between healthcare organizations, providers and patients
- Provide a secure exchange of patient data across multiple platforms or networks
- Simplify compliance with data protection regulations
- Reduce scope of security audits and costs associated with data breaches
Bluefin uses a combination of encryption and tokenization solutions to provide healthcare organizations with payment and data processing solutions that protect cardholder data, PHI and other sensitive medical data.
Bluefin’s PCI-validated point-to-point encryption (P2PE) solutions are validated by the PCI SSC to meet the rigorous standards for encryption, decryption, key management and chain of custody. ShieldConex®, our vaultless, PCI-compliant shared tokenization solution, protects customer payment data throughout the entire customer journey.
Learn more about Bluefin today.