Cybercrime Security Threat: Healthcare Data Breaches

Cybercrime Security Threat Student’s Name Institution Date Cybercrime Security Threat Introduction In recent years, there have been numerous cases of healthcare data breaches that have grown both in size and frequency. The largest of these issues have impacted as many as eighty million people worldwide. Data breaches involved in healthcare typically exposes highly sensitive information from personally identifiable information that includes Social Security information, names and also addresses which are highly sensitive (Hasib, 2014). Such information contains Medicaid ID numbers, health insurance information and also the medical histories of patients. The motives behind cyber-attacks on healthcare companies are typically clear as they include health insurance institutions, pharmacies, urgent care clinics and numerous other healthcare providers. These enterprises typically maintain records of their clients and patients, which are highly valuable and hackers and data breaches usually target them for identity theft which is more rampant than any other industry. The focus of the paper will include an assessment of the data breaches in healthcare and the laws and regulations violated will also be analyzed. Additionally, the impact associated with this type of breach will be analyzed. Laws violated and analysis of data breaches The global estimates regarding cybercrime currently highlighted that cybercrime and all associated activities costs above forty billion dollars yearly. This issue costs the U.S alone, over four billion dollars annually. Cybercrime has become a highly complex and challenging issue and it consists of numerous communication devices especially in a specific network (Hasib, 2014). Newkirk Products Inc. is a service provider in healthcare threat provides healthcare identification cars for health insurance plan which includes numerous Blue Cross Blue Shield branches. The institution in 2016 began notifying over three million individuals concerning the large data breach (Snell, 2016). During this year, an unauthorized individual an unauthorized access toward a server that contained names mailing addressed member and group identification numbers and also their Medicaid information which was highly harmful to the institution (Abel, 2016). The intruders exploited the weakness within the administrative portal of their third-party software on their single isolated server, then acquired unauthorized access towards their system. Even though the health data security was not at risk since no health plan system was accessed, this was highly negative for the organization as their entire firewall system had been compromised from this hacking attempt (Abel, 2016). Another healthcare enterprise that has been affected by this type of cybercrime is Banner Health. This enterprise in 2016 indicated that the breach involved hackers acquiring unauthorized access towards the essential patient and client information. This also included their payment card information. The affected individuals were almost over two million as these included patients, food and beverage consumers, medical practitioners and also health plan members (Snell, 2016). The breach was termed as one of the most significant breaches for a health institution in 2016.The hackers gained access towards the point-of-sales system of Banner Health mainly at its food and beverage outlets within its facilities. This is similar to most attacks suffered by other institutions in the hospitality sector. Banner Health also did not effectively segregate their systems and beverages that had personal and sensitive information and health information which was protected, from those it utilizes in its point-of-sale system (Webb & LLP, 2016). The Banner Health breach signifies as one of the largest among other institutions that experiences data breaches as it involved over five hundred individuals. From the analysis of both of these data breaches, it is clear that most of them faced sophisticated attacks which concentrated on acquiring detailed medical records for sale. Snell, (2016) stated such detailed medical records are highly more valuable compared to other kinds of theft such a credit card theft since such records, have specific identifiers that allow hackers to pursue medical identity theft. Additionally, these individuals also participate in fraudulent health insurance claims for medical care and also prescription drugs. Ethical issues In the case of Banner Health, numerous laws were not followed by the institution. The patients and providers filed legal complaints as they stated that the enterprise was negligent in informing its clients concerning the issue. The institution failed to immediately notify them of the data breach which violated the right to privacy of the individuals (Webb & LLP, 2016). As for Newkirk, this institution broke the law of informed consent as it also failed to protect the data of its clients against the data breach vulnerability. Both of these institutions also breached contractual obligations due to the occurrence of the threat against their personal information. Also, both institutions did not provide conclusive information regarding the occurrence of the breach and therefore, they failed to notify the consumer concerning the breach (Alltucker, 2016). Handling of the breaches Newkirk focused on shutting down the third server and began an investigation to identify the causes of the accident. The institution hired third-party forensic investigators that assessed the extent of the unauthorized access and also determined whether the personal information of Newkirk’s clients may have been accessed (Abel, 2016). The enterprise also notified the federal law enforcement. When this breach occurred, the initial announcement of the company was that no health plan systems were accessed or compromised in any manne...