Health-care organizations are under attack.

Criminals are stealing patient records to commit medical identity theft. And the Affordable Care Act (ACA) has made the situation worse, according to a new report from privacy and information security research firm Ponemon Institute.

Ponemon estimates that these breaches cost the industry about $5.6 billion a year.

The survey found the overall number of reported data breaches at health-care organizations declined slightly last year, but criminal attacks on health-care providers increased dramatically up 100 percent since 2010.

This is Ponemon's fourth annual Patient Privacy and Data Security study, and it finds that most data breaches are caused by sloppy practices, such as lost laptops loaded with unencrypted patient data.

"The information that's contained in a medical record has real value in the hands of a cyber criminal," said Larry Ponemon, chairman and founder of the Ponemon Institute. "And there's evidence that suggests that in the world of black market information, a medical record is considered more valuable than everything else."

"The people in the health-care industry are good people who sometimes do stupid things, and that is the source of a lot of the problems."

"The black market is being flooded with payment card data," said Rick Kam, founder and president of ID Experts, which sponsored the study. "That data expires rather quickly because financial institutions replace the cards. Your Social Security number and personal health record don't change. They have a long shelf life."

Other key threats include employee negligence, unsecured mobile devices and third-party contractors who have access to the sensitive patient information of the health-care organizations they work with.

Good people doing stupid things

Read the original here:

U.S. Health Care System Has $5.6 Billion Security Problem