The Brookings Institution, a research institution in the USA, has recently issued a very informative and layman-friendly report about the state of information security and privacy in the health-care sector. Whilst the report is US-centric, its key findings and recommendations apply almost universally in the developed world.

Recent leaps in technology toward health care digitization have resulted in unprecedented amounts of personal health data being collected, shared, and analyzed on an everyday basis. Due to this proliferation in data, there are now more reasons to be concerned about patient privacy than ever. Despite public concerns and government efforts, the frequency and magnitude of privacy breaches have been on an upward trend, and data breaches are more likely to happen in the health care industry than in any other sector. In this new report, Niam Yaraghi examines the recent privacy breaches in the health care system. He uncovers underlying factors leading to these incidents, documents lessons learned, and examines how to prevent similar breaches in the future.

Yaraghi identifies and explains several reasons that the health care sector is particularly vulnerable to privacy breaches:

  • Health care data are richer and more valuable for hackers;
  • Too many people have access to medical data;
  • Medical data are stored in large volumes and for a long time;
  • The health care industry embraced information technology too late and too fast;
  • The health care industry did not have strong economic incentives to prevent privacy breaches; and

As Yaraghi illustrates, medical data breaches can be especially catastrophic because they contain information that cannot be changed.