Cost of health data breaches may rise exponentially

An industry estimate puts projected investment in health cybersecurity at 65 billion dollars over the next five years

Source: Breach Level Index 2017, Ponemon Institute

Outlook

The recent data breach at one of Singapore’s largest public healthcare providers, which saw the theft of the health records of 25% of the country’s population, underlines the vulnerability of personal information that is unique (such as DNA or retinal scans), sensitive (such as information on chronic illnesses and prescriptions) and hard to alter (such as social security or national insurance numbers).

Stolen health data has already been misused for ransom, targeting adversaries, fraudulent billing and blocking access to health services. Demographic pressures, strain on public health spending and technological innovation will continue to expand the provision of technology-enabled healthcare services such as telemedicine, wearable sensors and app-based diagnostics. This growing digital interconnectivity means the cost of cyber irresponsibility will escalate, possibly exponentially in line with technological breakthroughs.

Impacts

  • Given the data-richness of health and educational organisations, their relatively poor cybersecurity provisions are no longer tenable.
  • The illicit market in laundering stolen health data will expand, but so will institutional investment in health cybersecurity.
  • The EU’s General Data Protection Regulation leads global policy in compelling firms to report breaches and tighten security.
  • Australia’s latest quarterly report on data breaches highlights insider threats, human error and phishing as particular health sector risks.
