16 or 27 million 2016 breaches, 1 in 4 Americans? Data, IoT insecurity runs wild (US/UK)

What’s better than a chilly early spring dive into the North Sea of Health Data Insecurity?

Accenture’s report released in February calculated that 26 percent of Americans had experienced a health care-related data breach. 50 percent of those were victims of medical identity theft and had to pay out an average of $2,500 in additional cost. One-third (36 percent) believed the breach took place in hospitals, followed by urgent care and pharmacies (both 22 percent). How did they find out? Credit card and insurer statements were usual, with only one-third being notified by their provider. Interestingly, a scant 12 percent of data breach victims reported the breach to the organization holding their data. (You’d think they’d be screaming?) The samples were taken between November 2016 and January 2017. Accenture has similar surveys for the UK, Australia, Singapore, Brazil, Norway, and Saudi Arabia. Release, PDF of the US Digital Trust Report

So what’s 16 million breaches between friends? Or 4 million? Or 27 million?

  • That is the number (well, 15.9 million and change) of healthcare/medical records breached in 2016 in 376 breaches reported by the Identity Theft Resource Center (ITRC), a Federally/privately supported non-profit. Healthcare, no surprise, is far in the lead with 34 percent and 44 percent respectively. The 272 pages of the 2016 End of Year Report will take more than a casual read, but much of its data is outside of healthcare.
  • For a cross-reference, we look to the non-profit Privacy Rights Clearinghouse which for many years has been a go-to resource for researchers. PRC’s 2016 numbers are lower, substantially so in the number of records: 301 breaches and 4 million records.
  • HIMSS and Healthcare IT News insist that ransomware is under-reported, (more…)

mHealth Summit now HIMSS Connected Health Conference

Another sign that mHealth is now in our rear view mirrors [TTA 24 July] is that one of the main conferences on the US and international conference calendar is changing its name. Since 2009, the mHealth Summit has closed the year. Its organizing groups have changed and it’s gone international to Europe (the recent summit in Riga). Now it has been renamed (though not on the website yet) the HIMSS Connected Health Conference, an umbrella event comprising the mHealth Summit (including the Global mHealth Forum), and two new conferences: the Cyber Security Summit and Population Health Summit.

The shift in the industry and new concerns are clearly reflected in this reorganization. Transitions were visible last year to this Editor in covering the sessions, speaking with exhibitors and attendees. It’s not about the tech anymore, but how it fits into care models, saves money/avoids costs, improves care, improves the experience–all population health metrics–and fits with other technology and analytics. (It’s also how it fits into government payment models, an endlessly changing equation.) What is surprising is the lifting of cybersecurity to equal status, given the Hackers’ Holiday that healthcare is now (see TTA here). (Also this Editor notes that last year’s Big Buzzwords, Big Data and Analytics, have faded into where they should be–into facilitating population health and, we should expect, informing data security.) We also note that HIMSS has stepped forward as the organizer. HIMSS release. Telehealth & Telecare Aware has been a media partner of the mHealth Summit for most years since 2009.

“Who do I call?” when the cyberalarm goes off

A top read for the weekend is this short article by Gillian Tett in the FT on the lack of coordination in the US in not only protecting systems from cyberattack, but also the lack of coordination between public and private sectors in protection–and when something does go wrong. As Henry Kissinger famously said about Europe when various crises loomed, ‘who do I call?’

Indicators of a gathering storm are everywhere:

* Wednesday’s hours-long, still unexplained outages at the NYSE and United Airlines. (The Wall Street Journal website going down for a bit was the topping on the jitters)

* A joint report from Cambridge University and Lloyds insurance group, also released Wednesday, estimated that a hack shutting down the US electrical grid would create $1 trillion in damage. (more…)

FBI ‘Flash Alerts’ health organizations about hacker attacks (US)

Late yesterday Reuters reported that the Federal Bureau of Investigation (FBI) issued a ‘flash alert’ to healthcare organizations, warning they are being targeted by “…malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII),” and that “These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data.” These alerts are sent to businesses by the FBI and Department of Homeland Security (DHS) to help prevent cyberattacks. This follows an April FBI alert warning healthcare companies that their security systems were lax compared to other sectors, making them highly vulnerable to hacker attacks. Our Monday report on the Community Health System attack on 4.5 million records at the #2 US publicly traded hospital operator (more…)