Health Care Records Have Long Been a Target for Hackers

Sue Marquette Poremba
Slide Show

Five Important Lessons from Recent Data Breaches

I was scanning headlines the other day and noticed one that warned that medical records will be the next big target for hackers. The article focused on a new report that shows how poor cybersecurity is within the health care industry, from hospitals to insurance companies.

It’s important information that needs to be shared, but I think we are five years or so too late with the warnings. As an eSecurity Planet article pointed out, since 2009, nearly 30 million Americans have been affected by a breach or cybersecurity breakdown within the health care industry, and it is getting worse. The article stated:

In 2013 alone, according to the report, 199 PHI [Protected Health Information] data breaches were reported to the U.S. Department of Health and Human Services, impacting more than 7 million patient records -- that's a 138 percent increase over 2012.


Next big target for hackers? More like a long-time target that is finally getting some attention in large part due to the recent retail breaches. All of a sudden, the general consumer is concerned about the safety and privacy of the data they share.

But the new report from Norse Corp. and the SANS Institute comes at an interesting time. England was planning to roll out a huge national medical and patient database, but a few days ago announced that the project was being stopped. Citizens were against the creation of the massive database because of privacy fears, and the government agency behind the project has said there would be more effort spent in explaining the reasons why the database will be so helpful for medical research. However, the agency has also admitted that security of the database just wasn’t very good and would likely be vulnerable to hacking attempts.

Why has the health care industry been so vulnerable to cybersecurity problems? According to an article published by Fox Business, the problem is three-fold:

  • Patient privacy isn’t a concern within IT (I find that astonishing, especially considering the long history of industry breaches)
  • Too much human error
  • Ignoring or not understanding insider risks

To be honest, the cybersecurity problems faced by the health care industry are no different than those faced by any other industry. But it is disingenuous to pretend that this risk of breaches is a new concern.



Add Comment      Leave a comment on this blog post
Feb 21, 2014 8:26 AM Not2Nite Not2Nite  says:
Agree that HealthCare records have been a target for years, that's absolutely nothing new. But consider this ... one of the end goals of ARRA is a national, fully interconnected, Electronic Healthcare Record environment. That means any one computer at a provider can access medical records for an individual from any where in the US. Great for providing care to the traveling patient. But stop and think about the "one doc shop" in Cornfield, Iowa where it's route to still leave your keys in your car and your home unlocked. Do you think that they've invested heavily in securing their PCs? So, a malicious individual compromises the weakest point and has access to the nation. Great idea! Reply
Mar 25, 2014 11:51 AM Group Health Insurance Group Health Insurance  says:
Safe guarding health insurance records has become a very big task. There is requirement of strong security system. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.