A jarring reality recently hit the healthcare community as news spread of the major breach of the Tennessee based company, Community Health Systems Inc., which compromised the personal information of an estimated 4.5 million patients. In this particular case, the Securities and Exchange Commission reported a hacker in China bypassed the security measures the company had in place, more than once, in April and June of 2014.
But this is just the tip of the iceberg. “We’ve seen a 600 percent increase in attacks on the healthcare sector in the last 10 months,” said Carl Leonard, senior manager at Websense Security Labs in a recent technewsworld.com article.
A combination of the well-rounded lot of patient’s personal information, combined with federal mandates pushing healthcare systems to keep electronic records, has created the ideal environment for hackers looking to sell opportunities for identity theft.
“The personal identifiable information that a hospital has is very valuable because it’s supplemented by links into insurance documents and bank accounts. It’s also a very complete picture of an individual such that identity theft can occur as well,” Leonard told TechNewsWorld.
iHealthbeat.org also reported back in April, “….the FBI drew attention to health care organizations’ heightened risk of cyberattacks, warning that ‘cyber actors will likely increase cyber intrusions against health care systems — to include medical devices — due to mandatory transition from paper to electronic health records, lax cybersecurity standards and a higher financial payout for medical records in the black market.’”
And for health care practitioners that may be surprised or alarmed by this phenomena – it’s not new information. The Washington Post reported on this trend as early as February 2014, releasing staggering numbers, collected by non-profit Identity Theft Resource Center, comparing the instances of healthcare breaches to other industries.
The Post article, titled Cyberattacks are on the rise. And health-care data is the biggest target reported, “…health-care organizations suffered 267 breaches last year, or 43 percent of all attacks in 2013. That’s significantly higher than the business sector (comprised of retailers, tech companies and others) which suffered 210 attacks, or 34 percent of all breaches. The financial sector was hit by 23 breaches, or 3.7 percent of all attacks.”
What are health systems able to do to protect against this disturbing rise in breaches? Get informed. The most important thing to do in preparation for developing security standards is to understand the dynamics of a particular system, and how it could potentially be breached. By doing this, healthcare systems can work with professional security experts to develop the most solid plan for protecting their particular systems.
The TechNewsWorld article mentioned above also includes a long list of helpful security events and conferences available to professionals to help them learn and understand the dynamics of protecting their organizations.