During 2016, data-breach techniques and attempts changed dramatically worldwide, and healthcare was one of the most targeted sectors. Four data points are particularly relevant to Digital Health Enterprises:
Cybercrime was the cause of 72% of the real attacks recorded globally during 2016.[^1] This shows that money remains the preeminent motivation of attackers, who can earn it, for example, by selling sensitive health data.
32% of attacks were carried out with unknown techniques (an increase of 45% over 2015), mainly because accurate information is lacking in public-domain sources.[^2]
Malware continues to pose a major threat. The email malware rate increased significantly during 2016: globally, from 1 in 220 emails containing malware in 2015 to 1 in 131 in 2016, while in Healthcare Services it jumped from 1 in 396 to 1 in 204.[^3]
"Health Services" is the 2nd most affected sub-sector (after Business Services).[^4]
The Italian Case
Among the many countries surveyed, 2016 was the worst year for healthcare security in Italy. With attacks up 102% compared to 2015, Italy recorded the largest increase ever registered in serious attacks on health data, carried out through ransomware and data theft.[^5]
Furthermore, Italy's Data Protection Authority (the Garante) reported an increase of about 38% in its sanctioning proceedings (2,379) compared with the previous year. The fines already collected amounted to €3.3 million, and 53 cases were reported to the judicial authorities, most of them concerning failure to adopt the minimum security measures.[^6]
Digital Health Enterprises face several risks if a data breach occurs, including:
- theft of sensitive or potentially sensitive health data;
- monitoring of user actions;
- blocking of data or services with the intent of extorting money (sensitive health data are, together with financial information, the most requested type of data on the black market);
- high fines by Data Protection Authorities (up to €20 million or 4% of worldwide annual turnover, whichever is higher, under the GDPR; up to $1.5 million per year for each violated provision under HIPAA).
How can these issues be faced? The real problem remains cost.
Only a small share of companies can afford advanced solutions that bring the risk from every type of threat close to zero.
How Chino.io can help
Only companies that treat security as a high priority have managed to keep up with the rapid evolution of data breaches and hacks.
Chino.io provides application developers with a service to store sensitive health data securely, in compliance with EU data protection laws and policies, at a fair price.
[^1] Clusit, Report on Italian IT security 2017 (includes an introduction on attacks at global scale).
[^2] Clusit, Report on Italian IT security 2017, p. 28.
[^3] Symantec, Internet Security Threat Report 2017, p. 25.
[^4] Symantec, Internet Security Threat Report 2017, p. 48.
[^5] Clusit, Report on Italian IT security 2017, p. 24.
[^6] Garante per la Privacy, Newsletter, 28/02/2017.
Photo credit: Designed by Freepik