Mega-Breaches and Hacking in 2018 May Be the Worst Year Yet


Everyone knows that when it comes to technology, advancements bring both positive and negative results.  Although patients utilizing patient portals have been able to monitor their health data more efficiently, hackers have been becoming more embolden and successful in breaching health databases.  Though the overall number of data breaches this year has lowered, there is growing concern that a new report suggests that 2018 may end as the worst year yet for hacking resulting in mega-breaches.


Top Cyber-Security Concerns Over Hacking and Mega-Breaches

When comparing the overall number of data breaches that occurred last year to the present, the numbers are down; however, there continues to be a concern with incidents that involve one-hundred-million or more patient records.  According to a recent article in Healthcare IT News, the concern is due to new research done from Risk Based Security.

The report said that 2018 has recorded so far 3,676 data breaches that has been publicly disclosed across all industries; approximately 3.6 billion records have been exposed.  However, through the third quarter of this year, seven of these breaches exposed between 100 million or more records and 10 of the largest accounted for 84.5 percent of the records that were exposed. 

The leading cause of data breaches continues to be hacking, as it accounts for 57.1 percent while the cause for most of these records that were exposed was fraud, which accounts for 35.7 percent.  Inga Goddijn, the executive vice president for Risk Based Security, said that, “Despite the decrease from 2017, the overall trend continues to be more breaches and more ‘mega breaches’ impacting tens of millions, if not hundreds of millions, of records at once.”


The Alarming Trend

Goddijin’s comment is extremely disturbing since threats are continuing and increasing in the number of those impacted.  Symantec’s latest report revealed that the highly targeted and notorious SamSam ransomware virus is hitting primarily the United States; the healthcare sector is especially targeted as hackers feel that organizations will most likely pay.  The virus gains access to networks and then will encrypt numerous computers throughout the organization and Symantec says that the costs for cleaning up the system can reach double digits into the millions.

According to a panel of CISOs late last month that met during the HIMSS Healthcare Security Forum in Boston, hackers are keeping pace with healthcare organizations despite investing and having a better understanding of cyber-security needs.  Four healthcare infosec leaders, when asked to rank the posture of cyber-security in the healthcare sector, revealed that even though the improvement was noted by the industry, they still have much work that needs to be done.

Even though bigger organizations are becoming more secure, Anahi Santiago, who is the chief information security officer of Christiana Care Health System, commented that small to mid-size hospitals continue to struggle.  Information security experts say that within the next five years, the biggest target will be the healthcare sector and hackers will have the ability to quantify how the data can be monetized.


While the usage of healthcare information matures, hackers will continue to keep pace; in the end, the only way that healthcare can achieve success is by having infosec leaders being allowed a seat at the table when discussing strategy.   

Inga Goddijn, who is the executive vice president for Risk Based Security, said “The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically.  However, an improvement from 2017 is only part of the story, since 2018 is on track to have the second most reported breaches and the third most records exposed since 2005.”