A U.S. agency has identified cloud-borne security threats as one of the biggest problems facing the health care industry, as they increasingly affect health care organizations.
The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center published a report naming “cloud threats” among the top five security problems facing electronic medical records (EMRs) and electronic health records (EHRs). The other four threats are ransomware, malware, phishing attacks and insider threats from employees.
According to the report, EMRs are “the electronic storage, maintenance, and entry of digital medical data” while EHRs are “the patient’s records from doctors. This includes demographics, test results, medical history, history of present illness (HPI), as well as medications.” Both types of data are useful to hackers because they contain a wealth of personally identifiable information, such as names, Social Security numbers, licenses, and biometric identifiers, like fingerprints, retinal scans, and facial photos.
Although health care is not the only industry that uses such data, it is the one in which hackers find the most value. The report cited an IBM study, which found that the average cost of a data breach in the health care sector was $9.23 million in 2021, compared to $7.13 million in 2020. The financial industry was second in value for hackers, with data breaches costing $5.72 million in 2021, a slight decrease from $5.85 million in 2020.
According to the report, more than 41 million people were affected by breaches of their health care records in 2021. Two million people were affected in January 2022.
The report recommends that health care organizations set up cloud security profiles to help protect individuals’ personal data. This is done by an organization’s cloud access security broker (CASB), which covers functions such as access control and monitoring and compliance management.
It stated that “more healthcare organizations are using Cloud services for patient care. There is an increasing need to protect private data while complying with HIPAA.”
