(Bloomberg) — A rise in cyber attacks against doctors and hospitals is costing the health care system $6 billion a year as organized criminals who once targeted retailers and financial firms increasingly go after medical records, security researchers say.
Criminal attacks against health care providers have more than doubled in the past five years, with the average data breach costing a hospital $2.1 million, according to a study today from the Ponemon Institute, a security research and consulting firm. Nearly 90 percent of health care providers were hit by breaches in the past two years, half of them criminal in nature, the report found.
While intrusions like ones exposing millions of consumers at health insurer Anthem Inc. and hospital operator Community Health Systems Inc. have increased risk awareness, most of their peers are still unprepared for sophisticated data attacks, security experts have said.
“The health care industry is being hunted and hacked by the elite financial criminal syndicates that had been targeting large financial institutions until they realized health care databases are more valuable,” said Tom Kellermann, chief cybersecurity officer at Trend Micro Inc., who wasn’t involved in the study.
Medical records, which often contain Social Security numbers, insurance IDs, addresses and medical details, sell for as much as 20 times the price of a stolen credit card number, according to Dell SecureWorks, a unit of Dell Inc.
Thieves can use that information to take out a loan or open up a line of credit in the victim’s name, or for medical identity theft, where the victim’s insurance ID is used by an impostor seeking free medical care.
About half of health-care organizations surveyed by Ponemon said they didn’t have sufficient technology to prevent or quickly detect a breach, or the personnel with the necessary technical expertise.