Newkirk Products, Inc., a company that produces ID cards for health-insurance plans reported a data breach earlier in 2016 involving unauthorized access to a server holding member information. The company reported that no social security, banking, credit card or medical data was stored on the breached server.
Newkirk does business with several insurance providers, so the data that was breached included some combination of names, addresses, dependents on the plan, type of plan, member and group ID numbers and dates of birth.
According to Newkirk, there was no evidence that the data has been used inappropriately, but 3.3 million insurance plan holders were affected by the attack. The company said that the unauthorized access likely began on May 21 and was discovered on July 6.
Affected organizations included Blue Cross and Blue Shield of Kansas City, Blue Cross Blue Shield of North Carolina, HealthNow New York Inc., and Capital District Physicians' Health Plan, Inc. Since the breach's discovery, Newkirk brought in a third party forensic investigator to assess the situation. Newkirk notified federal law enforcement and letters including an offer of two free years of identity protection and restoration services have been mailed to those affected by the incident.
The healthcare industry will always be a valuable target for hackers simply because the contents of the healthcare record are so valuable. Social security, payment information and other sensitive personal information are all rolled into one package that when stolen create the possibility of identity and credit fraud.
Verizon's 2016 Data Breach Investigations Report showed that 39 percent of healthcare data breaches took months to discover. Meanwhile, 38 percent of healthcare attackers only need a matter of minutes to compromise a security system. A hacker can be in a system exploiting customer data for months at a time without interruption.
Newkirk is just one of a string of incidents that are causes for concern in the healthcare industry. With each passing year, it becomes increasingly important—and difficult—to secure healthcare data.
Newkirk Products may not be a healthcare provider, but the situation reinforces the importance of data security in all cases. With so much personal information in an ever-changing environment such as the cloud, it is important to know where pertinent data is stored, and who is storing it.
The Newkirk data breach illustrates the point that any company that has a connection to medical records is under increased risk of attack, and should take that into consideration when it comes to securing data.