A health data breach is a dreaded prospect for every entity that handles patients' healthcare data, whether in the medical, legal, insurance or other sectors. Healthcare documentation is often required for review purposes, and it calls for failsafe security measures during retrieval, evaluation, transfer and storage. Security experts remain concerned that massive data breaches may still be lurking despite people's efforts to protect health data. There is solid reason for this apprehension – cybercriminals use highly sophisticated techniques to wreak havoc.
Events unfolding one after another show the healthcare industry in a really bad light. In February this year, Associated Press reported how hackers broke into Anthem’s network and compromised the personal records of almost 80 million customers. The cybercriminals are said to have obtained the credentials of five Anthem technology workers and, via targeted phishing campaigns, to have duped network administrators into disclosing login information or clicking a link that allowed the hackers access to their computers. Experienced security experts point out that the healthcare industry is not yet prepared for a cyber attack and is more vulnerable than other industry sectors, in spite of the enthusiastic drive to implement electronic healthcare records.
Alarming news has surfaced once more, with Premera Blue Cross, a major healthcare services provider, disclosing that its network has been broken into and the financial and medical records of 11 million customers compromised. The harrowing concern is that the criminals may have accessed highly sensitive information, including the patient’s name, date of birth, address, telephone number, social security number, bank account information and claims information, including clinical information. As yet, the company has no proof to indicate that the stolen data is being used inappropriately. The leading health service provider said that it would notify all affected customers in letters sent by postal mail. Moreover, it would also offer customers two years of free credit monitoring services.
The problem, as the above-mentioned security experts point out, is that healthcare and pharmaceutical companies do not consider cyber security a strategic business issue. Consequently, they do not invest sufficient resources to safeguard their data.
These incidents underline the need to effectively secure the networks and internet-connected devices of healthcare organizations. The federal government has expressed alarm at the large number of breaches occurring – the records of at least 31.7 million people have been exposed since the U.S. Department of Health and Human Services made reporting compulsory in September 2009. The largest HIPAA settlement to date is the $3.3 million penalty imposed on the New York Presbyterian Hospital for a compromised server.