Introduction
Managed Care of North America, commonly known simply as MCNA Dental, suffered a major healthcare data breach when its systems were infected with malicious code.
On June 26th, 2023, an unauthorized party was able to access systems and remove copies of personal information, including the protected health information (PHI) of 8.9M patients under their care.
The compromised PHI included names, addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver’s license numbers, government-issued ID numbers, dental benefit information, and health insurance information.
This is just one example of a recent case of PHI being stolen from a health organization!
The clear question is…why are cybercriminals so bent on stealing our private health information?
Why PHI Is So Sought After
Did you know?
- In 2021, data breaches on healthcare organizations exposed the private data of 50M Americans.
- 95% of identity theft happens because of stolen healthcare records.
- 89% of healthcare organizations reported an average of 43 cyber attacks per year.
These statistics highlight the importance of cybersecurity for healthcare organizations. Healthcare organizations must take steps to protect PHI from cyberattacks, including implementing strong security measures, educating employees about cybersecurity best practices, and having a plan in place for responding to data breaches.
There is a reason that healthcare is the most-targeted industry by cybercriminals. That’s because private health information is so valuable. On the Dark Web, one record can sell for thousands of dollars…and these thieves usually package in bulk.
- The healthcare industry is the most targeted industry for cyberattacks. In 2021, there was an 84% increase in healthcare data breaches from 2018.
- The average cost of a data breach in the healthcare industry is $9.3 million. This is higher than the average cost of a data breach in any other industry.
- PHI is the most valuable type of data on the black market. A single PHI record can be sold for up to $1,000.
- Phishing attacks are the most common type of cyberattack against healthcare organizations. Phishing attacks are emails or text messages that are designed to deceive people into revealing sensitive information, such as passwords or credit card numbers.
- Ransomware attacks are also a major threat to healthcare organizations. Ransomware attacks encrypt data and demand a ransom payment in exchange for the decryption key.
The good news for patients is that your health data is some of the most highly regulated, confidential information out there.
Other Attacks on Healthcare Organizations
This recent attack on MCNA is just one example of PHI being stolen from a health organization recently. In 2023, there have been numerous other data breaches reported.
In April, HCA Healthcare, the largest health system in the United States, announced that it had suffered a data breach that affected over 11 million patients. The breach was caused by a ransomware attack that encrypted HCA’s systems and forced the company to take them offline.
September, the University of Michigan announced that it had suffered a data breach that affected over 1.7 million patients. The breach on their Health Service and School of Dentistry was caused by a phishing attack that allowed attackers to gain access to employee email accounts.
In October 2023, ASAS Health, an internal medicine practice in Edinburg, Texas, announced that it had suffered a data breach that affected over 25,500 patients. The breach was caused by a ransomware attack that encrypted ASAS Health’s systems.
These examples are just from the last few months! Over recent recent, data breaches have affected healthcare organizations of all sizes, thereby earning the healthcare industry the spot of the #1 most preyed-on industry by cybercriminals.
How Your PHI Is Protected
As healthcare becomes increasingly digitized, it is more important than ever for healthcare organizations to take steps to protect patient data. Don’t be afraid to ask your providers if they…
- use strong cyber-defense systems as recommended by modern IT experts. These might include firewalls, automated intrusion detection and anti-malware software.
- educate their workers about cybersecurity best practices, such as how to identify and avoid phishing attacks.
- regularly back up data and store it in a secure location.
- have a strong incident response plan.
Does all of this sound rather familiar? Just because healthcare organizations might handle a different kind of confidential data, they still follow a lot of the same safety procedures that any organization must employ when they manage personally identifiable information (PII).