Data and analytics today are playing a major role in the organization’s growth. Stakeholders in a business environment such as companies, investors, and individuals deal with some or other kind of data in their day-to-day life. The data is key to the business prediction that helps to analyze consumer behavior. Companies stores a large amount of data related to their customers and analysis them accordingly to understand the market trends, to make future decisions, and setting strategies and communication that are more personalized. In turn, it helps to improve their performance and position in a highly competitive market, which also ensures growth and ROI.
Over the years, the advancement in information and communication technology and digitization has created several points of data collection. The use of smartphones, information systems, and other web-based smart devices have made the data collection more organized and distributive which helps the companies to get valuable information about the user’s preferences and behavior. With the increasing amount of data collection, there is no doubt the companies are benefiting from it, but it has some negative aspects associated with it. The collection of data and its breach is rapidly bringing catastrophic scenarios for the companies and the users. The data breach is one of the common points of discussion among various stakeholders, including businesses, governments, investors, and the user.
What is a Data Breach?
Data breaches are one of the major concerns in today’s information age. A data breach is related to the external exposure of confidential or protected information in an unauthorized fashion by a third party with malicious intent. Data breaches can occur due to external attacks, or it can be an inside job by employees in the organization. Data breach severely impacts the users’ trust and their relationship with the organization. As for the companies, it degrades their reputation and their market value.
As per the World Economic Forum, the “cyber-attacks feature in both top 10s, at number five for likelihood and seven for impact, while data fraud is at number four for likelihood, reflecting an overall trend as technology shapes the risk landscape”. As per TechJury, the global cost of online crime is expected to reach $6 trillion by 2021”. The number of breaches and financial costs incurred due to breaches is expected to increase in the future as well.
Data Breaches in Healthcare Sector
Like other industries, healthcare has also observed data breaches cases over the past few years. In fact, healthcare is one of the most prone sectors to unauthorized access to consumer data. As per the HIPAA Journal, “between 2009 and 2020, 3,705 healthcare data breaches of 500 or more records have been reported to the HHS’ Office for Civil Rights”. In one of the major healthcare data breaches to date, Anthem, Inc., confirmed that nearly 78.8 million people’s personal information was compromised in 2015. The data that got stolen included names, social security numbers, home addresses, and dates of birth of the users. In 2015, the leading healthcare data breaches were from the healthcare sector.
The reports related to the healthcare data breach that emerged over the years have severely impacted the user/patient’s experience. As per the analysis based on HIPAA data breach reports, the major types of data breaches are related to hacking incidents, unauthorized access (internal), theft or loss, and improper disposal of unnecessary data. As per the analysis of HHS data on hospital breaches by Bitglass, in 2020, more than 500 data breaches were reported with hacking and IT incidents at the top risk factor with 67.3% of all cases. Similarly, loss or theft and unauthorized disclosure are other major factors. The overall incidents in 2020 were nearly 55% more than the previous year.
In another of the largest healthcare data breaches in 2020, nearly 3.3 million individuals’ data of Trinity Health is accessed by ransomware attacks. In 2021, Trinity Health faced another attack in which the health data of 586,689 patients were exposed. Similarly, MEDNAX Services had a data breach of over 1,290,670 individuals. In another most significant incident, Inova Health System was attacked, which led to 1,045,270 individuals data exposure. Northern Light Health, Inova Health System, Health Share of Oregon, Elkhart Emergency Physicians, Florida Orthopaedic Institute, Dental Care Alliance, Luxottica of America are other major organizations that have data breaches in their security in 2020.
How do Data Breaches affect Healthcare Sector?
Healthcare is one of the primary targets for hackers, as the data contains the user’s sensitive personal, financial, and medical information. Stolen data can be used in multiple ways; primarily, it can be sold to third parties or competitors to gain immediate monetary benefits. Similarly, it contains personal information that can be used to blackmail the customer or carry out other criminal activities by impersonating the user. Moreover, sensitive medical information related to sexually transmitted diseases or terminal illnesses can lead to embarrassment to the user or patient. In some cases, the hacker uses credit-card to purchase drugs and fill prescriptions.
Harm to reputation, brand identity, losing customers, and loss of trust are the major issues that companies face after the data breach. But financially, data breaches can be very costly for them. Some companies face long-term impacts on their financial position, while some may not be able to stand again in the healthcare market. It is observed that the cost of breached data is comparatively much higher for healthcare as compared to other sectors. As per Ponemon (a research center engaged in privacy, data protection, and information security policy), healthcare’s average cost per breach has increased from $429 in 2019 to $499 in 2020. The cost is likely to increase in the future with rising data collection. Similarly, the healthcare firms take nearly 96 days to identify breaches and take about 236 days to recover from the breach, which is the longest time to recover among other breaches in industries. It also needs to mention that the employees of the affected organizations also face severe workloads, negative criticism, emotions, and customer anger.
Understanding the Role of Stakeholders to deal with the Rising Threat of Data Breaches
Cyber and data security is a major concern to healthcare and other industries. Over the years, the data breach case has increased significantly and is expected to rise in the coming years. However, with corrective measures, the data breaches can be handled remarkably. To combat the data breach, precautions and measurements can be followed at different levels, from organizations to authorities and from employees to end-users.
Organizations are obligated to protect the user’s data from potential breaches. First, companies are required to report data breaches to the concerned authorities. Similarly, follow-up messages notifying and alerting the concerned stakeholders such as employees, customers, investors, partners should be followed. It is observed that companies make delays in issuing theft alerts. To ensure data safety, the companies need to adapt and modify their online infrastructure and upgrade their cybersecurity capabilities as technology advances. Encrypting the hardware & software and regularly training the employees can help the organization overcome the security challenges. Similarly, conducting security audits by researchers & security experts and regular risk assessments across the organization will help sort security gaps.
Governance is a central pillar in setting policies and practices in sensitive data handling related segments. The valuable role of the government in implementing technical compliance and risk management can be neglected. To ensure the proper data flow, the government needs to ensure auditing and monitoring for the companies and awareness among the users. Countries worldwide follow different norms to handle cases related to data privacy and security. In the USA, to deal with patients’ healthcare information. HIPAA penalizes the organization depending on the severity or response of the covered entity. With the rising dependability of data to make decisions and provide practical solutions, the risk for data theft is also likely to increase. However, with the implementation of cybersecurity & infrastructure security measures and the cooperation between companies and the government, the damage can be curtailed to a much larger extent.