According to Gemalto’s Data Breach Index for the first half of 2015 (PDF), the healthcare industry has the dubious distinction of being the industry suffering the most data breaches (187 out of 888) and having the most stolen records (84.4 million out of 245.9 million) (Figure A).
To add insult to injury, a company in the healthcare industry, Anthem Insurance, grabbed the top spot on Gemalto’s magnitude scale, succumbing to an identity theft attack that exposed 78.8 million records. The Gemalto report mentions, “That attack represented one third of the total records exposed in the first half of 2015, and was highly publicized in part because it represented the first major state-sponsored cyber-attack of several that occurred in 2015.”
Granted, the Anthem Insurance data breach skews the results for this particular survey, but the Gemalto authors mention, “The healthcare industry historically has had the highest number of data breaches and that was no different in the first half of 2015.”
As to what the records consisted of, the Gemalto report did not specify. According to CNN Money, “The information stolen from the insurance giant included names, birthdays, medical IDs, social security numbers, street addresses, e-mail addresses, and employment information, including income data.”
Anthem told CNN Money’s Charles Riley there is no evidence that credit card or medical information was compromised. That cannot be much consolation for the victims. The records grabbed by the attackers are more than enough to build fake accounts for which the victim will appear to be liable.
Why is healthcare so vulnerable to breaches?
It appears one of the biggest reasons the healthcare industry holds the number one spot is a lack of qualified people. According to a new Burning Glass report, Job Market Intelligence: Cybersecurity Jobs, 2015 (PDF), jobs for cybersecurity professionals have grown over 91% across the board since 2010. Cybersecurity jobs in the healthcare industry during that same time jumped over 121%.
The authors of the Burning Glass report address why there’s a lack of qualified professionals. “Cybersecurity jobs require significant education and experience,” mentions the report. “Some 84% of cybersecurity postings specify at least a bachelor’s degree, and just as many (83%) require at least three years of experience.”
Besides degrees and job experience, specialized and heavily regulated industries such as healthcare have additional requirements:
- Skills: Accepted accounting principles and financial reporting
- Compliance and standards knowledge: HIPAA (positions requiring HIPAA knowledge have increased 248% over the past five years), HITECH, and PCI DSS
The additional training needed to meet cybersecurity job prerequisites that are not directly related to IT begins to explain the lack of qualified professionals and why cybersecurity positions take longer to fill than other IT jobs.
However, for interested individuals, there is some incentive. The Burning Glass report mentions, “It’s bad for employers but good news for cybersecurity workers, who can command an average salary premium of nearly $6,500 per year, or 9% more than other IT workers.”
What’s in store for healthcare security?
Parham Eftekhari, the Institute for Critical Infrastructure Technology (ICIT) cofounder and senior fellow, talks to HealthITSecurity’s Elizabeth Snell about what we should expect. “I see healthcare breaches skyrocketing over the next few years and there’s going to be a lot of people who are going to be very upset,” says Eftekhari. “There are just so many holes, and they’re trying to do this so fast that they’re not thinking through the security aspect of when they’re hooking things together, merging medical records, and when they’re using these new systems. I see a rocky road for healthcare when it comes to cybersecurity in the near future.”
On a brighter note, Eftekhari adds, “If there is any sort of silver lining from all of these breaches that we’re having, it is that it has raised the national dialogue on this issue and we’re tuned into it.”
The Burning Glass report aptly described the challenge going forward, “American employers have realized the vital importance of cybersecurity — but that realization has created a near-term shortage of workers that may require long-term solutions.”
Note: TechRepublic and Tech Pro Research are CBS Interactive properties.