The mortgage industry should pay attention to wha over industries are doing and take cybersecurity more seriously. For example, CopyStrong, a cybersecurity company focused on combating insider threats, has created an application that mitigates the risk of cyberattacks within health care organizations, the company announced Wednesday.
Cybercrimes against health care organizations are growing exponentially more complex and frequent, especially with the increased reliance on electronic systems to coordinate care. These types of attacks increased 125 percent from 2010 to 2015, and are now considered the leading cause of data breaches according to the Ponemon Institute. The surge in cyberattacks has put pressure on hospitals to find new strategies in cybersecurity.
“Current detection usually takes years and the costs to the organization are exorbitant. Up until now, there really hasn’t been a reliable solution to stop these bad actors and hold them accountable,” said Erica Bowles, founder of CopyStrong. “CopyStrong provides early detection from bad actors while simultaneously launching a counter intelligence protocol that minimizes victimization of patients while protecting the reputation of health care systems.”
During a hospital visit, hundreds of people, have access to a patient’s medical records. These records can easily sell for anywhere from $300-$500 each, on the black market. Medical records are increasingly valuable because they contain personal data that can be used for further cybercrime. Unlike credit cards which can be swiftly cancelled, medical records have a long lifetime and hence a greater possibility of re-use.
“The last thing any patient wants to deal with after being hospitalized for an illness, is to then be victimized for years thereafter because of an insider theft scheme,” said Bowles. “This is happening more frequently due to inadequate or non-existent security measures surrounding the storage and use of personal medical records.”
Some people may ask, what prevents these individuals from walking out the front door with a patient’s medical records. Will purely ethics, morals and employee training manuals stop them? With cyberattacks at an all-time high these solutions appear inadequate.
In a recent article from Forbes titled “Your EHR could be worth $1,000 dollars to hackers” the author explains that the majority of all inappropriate accesses to EHR (Electronic Health Care Records) comes from the inside. They involved nurses, doctors, specialists and administrators all of whom have legitimate access to a patient’s EHR, but who have abused that access. In 2016, 450 breaches occurred, affecting 27 million patent records, and over 65 percent came from insider attacks.
In one instance, an emergency room employee at Florida Hospital used his access to collect information on patients injured in car accidents, which he then sold to chiropractors and lawyers. This went undetected from 2009 to 2011. After he was terminated, his wife, who was also an employee at the hospital, continued the scheme. In many instances, breaches go undetected for several years.
Lenders need to pay attention to this because it applies to mortgages as well.