Back in August Community Health Systems, one of the biggest hospital groups in the United States, announced that a group of hackers with ties to the Chinese government had stolen data from nearly 4.5 million patient records. Much of that data included Social Security numbers, addresses and a range of personal information protected under the Health Insurance Portability and Accountability Act.
The attack, the largest of its kind since the Department of Health and Human Services began tracking cyber attacks in 2009, has raised several questions for patients and most especially healthcare professionals, who find themselves in a particularly sticky situation when it come to cyber security. The use of Electronic Health Records (or EHRs as they’re also known) and digital web portals has become the standard means of collecting and managing information of patients and would-be-patients; much in the same way retail stores or banks has collected the credit card data of customers for years. But unlike retail stores and banks, which continue to work vigorously to combat various degrees of cyber attacks and financial fraud, ever since the advent of credit cards and the Internet, the wealth of personal information collected by hospitals has long-lasting and far more damaging implications when breached. What’s more, retail companies and banks have had time to adapt; hospitals and administrative teams are just now seeing the dangers involved and realizing how ill-equipped they are.
Mandiant, a security consulting service that monitors such attacks, noted that cyber attacks on public health records have spiked over the last several months. Unlike the limited lifespan of a credit card or your account data, the most miniscule amount of personal information has the potential for near perpetual disaster. For one, social security numbers are broader in utility, allowing hackers to commit multiple types of fraud and identity theft. A security report by computer data storage company EMC Corporation notes that the average selling price for a U.S. credit card in the underground is $1 USD. However when a single card is sold as part of a full identity profile, the cost increases dramatically to $500, with health insurance credentials adding an additional $20 each.
Verizon Data Breach Investigations Report and FireEye’s Advanced Threat also report what many of us may know but are afraid to admit. These cyber breaches are just the tip of the iceberg. Many more are likely to follow, even still as healthcare workers look to change their ways. In news out of Chicago, Healthcare IT News reports that the healthcare industry is making practical attempts to hire IT gurus and techies, based on new findings from HIMSS Analytics. HIMSS surveyed the workforce of several healthcare organizations, finding that demand for IT workers is “projected to continue in the foreseeable future,” according to press release from Lorren Pettit, Vice President of research at HIMSS Analytics.
You may be asking yourself, “How do I protect against these kinds of threats?” There is no simple answer. Diligence, however, is a virtue and the better prepared you are and the more knowledge you bring to the table can better serve your interests. Air your concerns face to face with your physician, dentist, or healthcare provider. At the very least, it will better the odds for everyone.