Cyberattacks on healthcare organizations rose a staggering 125 percent in the last five years as hackers intensified their efforts to steal valuable medical data, according to a new study.
With medical files worth up to $70 each on the black market, 45 percent of healthcare organizations reported they were victims of a deliberate cyberattack, according to the survey by the Ponemon Institute and ID Experts, released on Thursday.
Criminal attacks are now the leading cause of healthcare data breaches, replacing lost computer hardware for the first time. More than 90 percent of healthcare entities reported a data breach in the past two years, along with 60 percent of claims processors and third-party billers.
The trend places consumers at higher risk of identity theft and creates the potential for insurance and government benefits fraud.
Still, cyberattacks are not the biggest security concern for healthcare entities, they said. Employee negligence was named as a top worry for 70 percent of organizations, followed by hackers at 40 percent. Groups could name three major concerns.
The rise in cyberthreats is taking place as medical providers continue an arduous transition to electronic health records.
The healthcare industry is behind the rest of the private sector when it comes to digital record keeping, and many providers cite security risks as one reason they are wary of fully abandoning paper records.
Record theft is a serious and costly problem for healthcare organizations, regardless of how it takes place. Recovery from a data breach costs a healthcare organization $2.1 million on average, the study found, translating to $6 billion annually across the industry.
Costs also create a burden for consumers who are victims of data breaches.
“Medical identity theft is 100 times worse than financial identity theft,” Rick Kam, president and co-founder of ID Experts, told Yahoo Tech. “Bad guys are monetizing the use of your health insurance number, using it to defraud medicare or to buy oxycontin.”