Texas Physician Hacked

According to the Texas Medical Association, a physician in South Texas reported a breach in April of 2016 using a method of attack known commonly as “ransomware”. With this method, cyber-criminals will hack into the target’s computer, then encrypt the data so that the target is unable to access any of the private files on the device. The target then has to pay a “ransom” fee in order to purchase the password that will decrypt the computer’s files.

Can you think of a more frustrating way to start your week?

Despite efforts to prepare for and prevent cyberattacks, practices across the U.S. are still experiencing healthcare breaches. In fact, according to the KPMG Health Care and Cyber Security 2015 Report, 4 out of 5 healthcare providers and payers stated that their internal technology was compromised by one or more cyberattacks.

A more alarming detail explained in the report is that many healthcare organizations (25 percent) are unaware of their company’s capabilities to effectively detect and respond to a security threat in real time—meaning they could have been breached at some point recently and still remain unaware of the attack.

With the threat of a breach looming, healthcare data security should be a number one priority for practices across the U.S., and according to the report above, it is definitely on the agenda. Of those surveyed, 85 percent of providers and 89 percent of payers indicated that cybersecurity had been discussed at the board level within the year, and 86 percent of providers and 88 percent of payers had invested in cybersecurity within the year.


The threat of healthcare breaches seems to be focused around a few key areas for healthcare data security:

Digital Electronic Health Records (EHR)
The switch over to digital healthcare records is providing an access point for many cybercriminals, since the technology is still new and as yet untried and now all records are being made available in digital format.

Antiquated technology
Network applications or vendor software that have not been recently updated to incorporate greater encryption technology for increased healthcare data security protection could be putting your practice at risk to healthcare breaches.

Constant criminal evolution
Unfortunately, hackers are quick to update their methods and approaches to obtaining data. In some industries, the focus is constantly changing. Healthcare data security is going to have to keep up with the rate of evolution if healthcare breaches are to be prevented in the future.

The threat against healthcare practices is real and constantly changing. Improved healthcare data security is essential to preventing major healthcare breaches that could compromise private patient records and expose patients to identity theft and medical insurance theft.


Practices can help prevent some theft with the following methods, since most hackers will move on to easier targets if they see your security is harder to penetrate.

Invest in encryption software and speak with your card payment service provider and insurance contacts about their data encryption systems.

Good firewalls can help create layers of protection to keep forms of malware outside of your internal systems.

Make your staff aware of the threats to your internal systems and train them on how to prevent cybercriminals from gaining access, since a large deal of penetrations are due to negligence when someone on the inside accidentally lets a virus or malware bug into the system.

Devoted security
If you do not currently have a head of IT security monitoring your internal systems, hire someone. Again, one of the scarier facts is that some organizations that have been hit aren’t even aware of what they’ve lost. A devoted employee or department can constantly monitor and respond to the threat.

While cybercriminals are targeting healthcare data security systems, there are things that you can do to keep criminals from getting in. Be smart and keep your staff informed. Vigilance and updated systems and software are the best defenses, and while it might be impossible to eliminate the threat entirely, you can certainly discourage them from targeting your organization by making sure they know you’re prepared—that you will not sit by passively while they take what doesn’t belong to them.