Those decisions will have to be made, however, because their electronic information has the same appeal to hackers that all electronic information does. "Health care is being targeted by a lot of the same kinds of attacks from anyone who's going after financial information, something that can easily be converted into credit card payments or Social Security numbers for identity theft or tax fraud," said Suzanne Widup, a senior analyst with Verizon's RISK Team.
"With all these health care exchanges coming online, that's something that I'm sure is going to get a lot of scrutiny by the bad guys," she added.
Those exchanges will be soft targets for net bandits, maintains Larry Ponemon, founder and chairman of the Ponemon Institute. "These exchanges will contain lots of facts about individuals, and those facts will be very helpful in creating false credentials and false identities," he said.
"They were a rush job and security wasn't a strong feature," Ponemon noted. "As these exchanges develop their data bases, there doesn't seem to be any extra special security effort being put into place."
Health care organizations are also being attacked from the inside. "We're seeing people being recruited from inside the organization because they have access to the data and they can feed it to bad actors on the outside," Widup said.
What's more, health care organizations of all sizes are being targeted by hackers. Dan Edwards, president of PactOne, which provides consulting services to dental and orthodontic offices with anywhere from five to 120 computers, said a common attack on those health care providers is ransomware.
In a typical ransomware attack, malware encrypts all the data on a computer. Then the computer operator is informed they must pay a ransom to receive the key to decrypt the data. "That's really not true because after you pay them, they keep the money and never give you access to your data again," Edwards said.
In those cases, an organization learns quickly the value of good storage hygiene. If an office has been diligently backing up its data, it can restore the data that's been targeted by the ransomware from those backups and continue operations with a minimum of disruption.
As cyber attacks on health care providers increase, they, as have other industries, will begin to turn to big data solutions to protect their large stores of information. "It's impossible for a human to intelligently, accurately and reliably see unusual activity regarding access to electronic health records," said Lee Kim, director of technology privacy and security solutions for the Healthcare Information and Management Systems Society, a global not-for-profit organization focused on promoting better health through information technology.
Sign up for MIS Asia eNewsletters.