As Halloween approaches, the usual spate of horror movies will intrigue audiences across the country, replete with slashers named Jason or Freddie running amok in the corridors of all-too-easily accessible hospitals. Unfortunately, this horror movie scenario is similar to how data thefts often occur at medical facilities.\n Permission granter by Cognetyx. \nDigital finger printing user access pattern.\n\nIn 2015, healthcare was one of the top three industries hit hardest by data vandals. Patients\u2019 records, packed with a wealth of exploitable information such as credit card data, email addresses, Social Security numbers, employment information and medical history records fetch a high price on the black market.\nWho are the hackers?\nApproximately 45% of the attacks are from outside intruders looking to steal valuable patient data. However, \u201cphantom\u201d hackers are also often your colleagues, employees and business associates, careless in the use of passwords or duped by phishing schemes that trick them into opening the door for data thieves.\nThe problem is not only high-tech, but also low-tech, requiring providers across the continuum to simply become smarter about data protection and privacy issues. Medical facilities are finding they must teach doctors and nurses not to click on suspicious links.\nGrowing nightmare\nMedical data theft is a growing national nightmare. IDC\u2019s Health Insights group predicts that 1 in 3 healthcare recipients will be the victim of a medical data breach in 2016. Other research yields similar findings. For example, the Ponemon Institute's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data found that in the last two years, 89% of healthcare organizations reported at least one data breach, with 79% reporting two or more breaches. The Ponemon survey also found the number of healthcare attacks over the past five years has increased 125% and the average cost of a healthcare data breach is about $2.2 million.\nAt health insurer Anthem Inc., hackers\u00a0stole\u00a0up to 80 million records using social engineering to dig into the company's network using the credentials of five\u00a0tech\u00a0workers. The hackers stole names, Social Security numbers and other sensitive information, but were thwarted when an Anthem computer system administrator discovered outsiders were using his own security credentials to log in to the company's systems and to hack databases.\nHealthcare hacks spread hospital mayhem in diabolical ways\nBanner Health, operating 29 hospitals in Arizona, had to notify millions of individuals that their data was exposed. The breach began when hackers gained access to payment card processing systems at some of its food-and-beverage outlets. That apparently also opened the door to the attackers accessing a variety of healthcare-related information.\nWhat makes this breach more concerning is the question of how did the hackers access healthcare systems after breaching payment systems at food-and-beverage facilities when these networks should be completely separate from one another? Healthcare system networks are very complex and become more complicated as other business functions are added to the infrastructure \u2014 even those that don't necessarily have anything to do with systems handling and protected health information.\nYou've no doubt heard of ransomeware. The first reported attack was on Hollywood Presbyterian Medical Center, which had its EHR and clinical information systems shut down for more than week. The systems were restored after the hospital paid $17,000 in Bitcoins.\nTaking healthcare security seriously\nHealthcare is an easy target. Its security systems tend to be less mature than those of other industries, such as finance and\u00a0tech. Where a financial services firm might spend a third of its budget on information technology, hospitals spend only about 2% to 3%.\nMeanwhile, as the Ponemon Institute research shows, the number of healthcare attacks over the past five years has increased 125%. Personal health information is 50 times more valuable on the black market than financial information. Stolen patient health records can sell for as much as $363 a piece.\u00a0\nMany healthcare executives believe that the healthcare industry is at greater risk of breaches than other industries. Despite these concerns, many organizations have either decreased their cybersecurity budgets or kept them the same. The healthcare industry has traditionally spent a small fraction of its budget on cyber defenses, and it has not shored up its technical systems against hackers.\nDisrupting the healthcare security industry with behavior analysis\nCommon defenses in trying to keep patient data safe have included firewalls and keeping the organization\u2019s operating systems, software and anti-virus packages up to date. This task of constantly updating and patching security gaps or holes is ongoing. However, with only about 10% of healthcare organizations not having experienced a data breach, sophisticated hackers are clearly penetrating through these perimeter defenses and winning the healthcare data security war. It's time for a healthcare data security disruption.\nMany organizations employ network surveillance tactics to prevent the misuse of log-in credentials. These involve the use of behavior analysis, a technique that the financial industry uses to detect credit card fraud. This technology relies on cloud technology to combine artificial intelligence (A.I.) with machine learning algorithms to create and deploy \u201cdigital fingerprints\u201d using ambient network surveillance to cast a net over EHRs and other hospital data sanctuaries. It exposes user behavior deviations that humans would miss and not only stops outside hackers and malicious insiders, but also flags problem employees who continually violate cybersecurity policies.\nThe concept is simple. A pattern of user behavior is established, and any actions that deviate from that behavior, such as logging in from a new location or accessing a part of the system the user normally doesn\u2019t access, are flagged. Depending on the deviation, the user may be required to provide further authentication to continue or may be forbidden from proceeding until a system administrator can investigate.\nSome of those leading this effort include Cognetyx, which delivers ambient cognitive cyber surveillance technology to protect healthcare information assets against cyberthreats, data breaches and privacy violations. It uses a virtual intelligent eye that generates a digital \u201cfingerprint\u201d based on behavior for every log-in by any user in all applications, recording how data is being accessed within an organization. Once a baseline for behavior is established, the system can easily identify anomalies in user activity and send out the appropriate alerts immediately when there are deviations from normal behavior.\nHindsait is another healthcare organization, but not a security company, that uses artificial intelligence and predictive analytics in a software-as-a-service platform, enabling payers and accountable care organizations to identify potentially unnecessary services during the review process and improve quality of care.\nThe healthcare data security war can be won. The industry would do well to implement network surveillance that includes behavior analysis. It is the single best technological defense against the misuse of medical facility systems and the most powerful weapon the healthcare industry has in its war against cybercriminals.