Why Is Health Care Cybersecurity So Bad? Blame the Insiders

Email not displaying correctly? View it in your browser.

FOLLOW subscribe SEND TIP March 2, 2018 Hello and happy Friday, readers! This is Sy. It’s no secret that health care is particularly vulnerable to cyberattacks when compared with other industries. But a new cybersecurity report from Verizon outlines the stunning degree to which internal actors are responsible for health care data breach threats—whether for personal gain or through sheer human error. “Health care is the only industry in which internal actors are the biggest threat to an organization,” wrote the report authors. “Often they are driven by financial gain, such as tax fraud or opening lines of credit with stolen information (48 percent); fun or curiosity in looking up the personal records of celebrities or family members (31 percent); or simply convenience (10 percent).” The assessment goes on to note that employee practices are a big part of the problem, too. In fact, pure human error—including misdelivery of personal health information, disposing of sensitive data in an improper manner (including by not shredding up paper documents), and publishing information on platforms that have a wider-than-intended audience, made up more than a third of the “threat actions” identified by Verizon. The widespread use of paper documents in the medical system is a big part of the problem; information may get sent to the wrong place, or thrown away into bins that could open up unintended access. But that’s not to say there isn’t medical malice at work, too. “From a standpoint of internal actors, the access that healthcare workers have to personal information of patients affords a convenient means to commit fraud of various types (for example tax return fraud or opening lines of credit),” wrote the authors. “Insiders are also frequently prone to curiosity, and the accessing of patient data outside of their job responsibilities is reflected in the 94 instances where fun is the motive behind the data breach.” Those are some troubling findings given that health care is also particularly vulnerable to ransomware due to the wealth of highly personal medical and financial information contained in such records. As we’ve covered before, nearly three-quarters of all 2016 malware attacks analyzed by Verizon were ransomware, in which sensitive information is held hostage in exchange for digital recompense. Verizon has a number of suggestions for addressing these threats, including better practices when it comes to securing passwords, disposing of data responsibly, and training employees to not get suckered by malicious phishing emails (you can read the full report here). The conclusion, overall, is a daunting one: “Note that none of these [threats] are mutually exclusive and it's normal for several threat action categories and multiple threat action varieties to be present in an incident or breach event chain, just as it's possible for a person to be suffering from more than one illness at once.” Read on for the day’s news. Sy Mukherjee @the_sy_guy sayak.mukherjee@fortune.com . DIGITAL HEALTH Big pharma wants your big data. Reuters is out with a revealing analysis showing just how important big data has become to the clinical trial enterprise. "Half of the world's 1,800 clinical studies involving real-world or real-life data since 2006 have been started in the last three years, with a record 300 last year," according to the outlet. Those are especially concentrated in therapeutic spaces like cancer, heart disease, and respiratory illness. Why? There are several potential reasons, including the plummeting big pharma ROI on drug R&D (as I wrote about in this piece about the diseases which we aren't curing); another issue is the benefits provided by wearable devices and electronic records in measuring "real-world" evidence, which can be a more cost-effective avenue for data collection than more controlled clinical trial settings. (Reuters) . INDICATIONS Biogen, AbbVie pull MS drug from the market on safety concerns. Biotech giants Biogen and AbbVie are yanking their multiple sclerosis treatment Zinbryta (approved in the U.S. in 2016 alongside a boxed warning) from global markets after eight reports of brain inflammation possibly related to the drug emerged, prompting an urgent review in Europe. Ionis, Roche provide promising Huntington's disease results. Ionis and partner Roche on Thursday announced promising early- to mid-stage clinical trial data for an experimental drug to treat Huntington's disease, a devastating rare disorder with no cure that causes progressive cognitive and psychiatric symptoms. The companies said that there was an average 40% reduction in the deadly, brain-wasting protein developed in Huntington's patients taking the two highest doses of the drug—particularly significant because, if the results hold up in larger trials, it could become the first treatment to actually treat the root causes of Huntington's rather than just the symptoms. . THE BIG PICTURE Kentucky may start taxing opioid prescriptions. Kentucky lawmakers are considering legislation to impose a tax on opioid prescriptions, part of the state's war on the opioid overdose crisis. If passed, the law would impose a 25 cent per dose tax on drug distributors; the pharmaceutical industry and its various middlemen have argued that such a provision could deny patients in need of relief their treatments. (STAT News) . . REQUIRED READING The Promise and Peril of the Trump Economy, by Shawn Tully What Is Good Design in the 21st Century? The Brainstorm Design Conference Aims to Find Out, by Casey Quackenbush Exclusive: Uber Creator Invents New Cryptocurrency—And Wants Your Help Making It Reality, by Robert Hackett Flights Grounded as Powerful Nor'Easter Hits the East Coast, by Emily Price Produced by Sy Mukherjee @the_sy_guy sayak.mukherjee@fortune.com Find past coverage. Sign up for other Fortune newsletters. . Email Clifton Leaf subscribe share: . This message has been sent to you because you are currently subscribed to Brainstorm Health Unsubscribe here Please read our Privacy Policy, or copy and paste this link into your browser: http://www.fortune.com/privacy FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice. For Further Communication, Please Contact: FORTUNE Customer Service 3000 University Center Drive Tampa, FL 33612-6408 Advertising Info | Subscribe to Fortune