When Hackers Attack Health Information

Hackers Attacking Health Info

Recent CBS news coverage around one individual’s medical identity being compromised after his wallet was stolen continues to tell of the frightening trend around health care cybersecurity issues. From medical procedures getting unknowingly charged to an account, to personal information selling on the dark web, the impact of lax protection of health information affects some on a daily basis.

At the time of the airing, industry research uncovered some other staggering statistics:

  • 11 million patient records were exposed in 2018, up 25% from the year prior, according to a report from Protenus. In an updated report, Protenus indicates breached records tripled in 2018 vs 2017, with over 15 million patient records breached
  • Gary Cantrell, Deputy Inspector General for Investigations, Office of Inspector General (OIG) stated that, at the time, the agency had handled nearly 400 reports of medical data breaches
  • This 2017 KLAS report, authored by Garrett Hall and Jon Christensen, showed that only 16% of provider organizations felt they had a fully functional cybersecurity program

Cybersecurity Ventures predicts that ransomware attacks on hospitals will increase by more than 5x between 2018 and 2021. And Modern Healthcare estimated that, if online theft keeps accelerating at the current pace, by 2024 everyone in the U.S. will have had their health care data compromised.

Data breaches are embarrassing and costly, with estimates that a breach can cost health care providers more than $400 per patient.

                                        Initiatives to Protect Patient Records

One initiative underway to combat cybersecurity attacks on health care is the CSA 405(d) Task Group, an industry and government collaboration that began in May 2017. The Task Group is focused on building a set of voluntary, consensus-based principles and practices to ensure cybersecurity in the Health Care and Public Health (HPH) sector.

In December 2018, the Task Group published Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (HICP).  The goal of the publication is to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the most pertinent cybersecurity threats. The HICP provides guidance on cost-effective methods that a range of healthcare organizations at every size and resource level can use to reduce cybersecurity risks.

Legacy data management planning also supports a strong cybersecurity defense. Take stock of potential weak spots within the organization. Outdated systems and too many data silos can be easy entry points for a hacker. Often healthcare providers have 30-40 disparate legacy systems in various states of use and security. Think of each legacy system as a potential door or window. Too many unlocked doors and windows leaves the organization unstable and vulnerable for a cyberattack.

A solid legacy data archive offers a secure and efficient method to batten down the hatches and protect legacy data from cybersecurity breaches while providing ongoing access to the records and compliance with industry record retention standards.

Check out these helpful security-focused resources to start proactively safeguarding the valuable health data in your care:

  • 10 privacy and security questions you should ask your future data archiving partner to ensure your data is safe. This is a great resource if your organization is vetting out system decommissioning partners.
  • A comprehensive security-focused white paper with numerous suggestions and action steps to consider.

Ready to increase protection of your legacy data from cyber attack? Connect with us.



Feb 22 2019

Ready to learn more?

Contact us today to learn more about our healthcare data management solutions.

First Name *
Last Name *
Email *

Healthcare IT tips, guides, news & more delivered to your inbox

Sign me up