Verizon recently published the findings of its 2015 Data Breach Investigations Report, which analyzed over 80,000 security incidents that occurred in 61 different countries throughout 2014, but one industry was largely absent from the report: the healthcare industry.
While Verizon noted a couple of interesting statistics about how healthcare organizations dealt with security problems — e.g., 32% of security incidents were caused by human error, 26% were caused by unauthorized privileged access — it found that cyberhackers generally target major retail corporations, government organizations, and financial services groups.
Luckily, the Journal of the American Medical Association (JAMA) also published findings from another study, conducted by researchers from Kaiser Permanente and Stanford University, which used a government database to analyze 949 security incidents that occurred between 2010 and 2013 in the healthcare industry.
According to the data found in this study, there were 29 million U.S. health records stolen in the four-year period from 2010 to 2013, with many breaches affecting encrypted data that contained identifiable personal information.
The large majority of data breaches (about two-thirds) occurred with electronic records, and records stored on portable devices like laptops and USB drives were stolen or compromised more often than records stored on stationary equipment.
News 4 Tucson noted, however, that the researchers were careful to state that there weren’t necessarily 29 million individuals affected by these healthcare security breaches, since it’s likely that some individuals were affected multiple times, and it’s also likely that some stolen records were duplicates.
“There isn’t a day that goes by that we aren’t having conversations with our customers about the importance of security and what they need to be aware of,” said Mike Gross, Vice President of Sales and Marketing at Retail Management Solutions, a leading national point-of-sale provider to pharmacies. “We take nothing more seriously than the security of our systems and technology. Specifically when it comes to credit card security, our pharmacy POS solutions follow the latest PCI standards, to ensure a secure transaction happens every time.”
Nevertheless, the study shows that the healthcare industry isn’t immune to security breaches, and when cyberhackers target retail stores or government agencies, they often target electronic devices or systems that businesses and institutions in the healthcare industry also use, like pharmacy point of sale systems.
“Regarding store personnel, all of our systems today come with fingerprint scanning technology to ensure secure log-ins when accessing the POS system,” said Gross. “This ensures that no employee is accessing the system fraudulently. It’s these types of steps that POS vendors such as ourselves need to take, particularly in healthcare environments, where there is a lot of sensitive data at risk.”