Cyber-Criminals Target Health Care Information

By Jared Rhoads

Consumers entrust health care providers with some of their most sensitive personal information, and they have high expectations that this information will remain private and secure. However, the incentives for cyber-criminals to exploit weaknesses and vulnerabilities for financial gain are sizable, and industry preparedness is, at best, spotty.

According to the Department of Health and Human Services, more than 19 million people have had their health information compromised in some form since the new Health Insurance Portability and Accountability Act (HIPAA) breach notification rule went into effect a few years ago. While many of these breaches are attributable the loss or theft of laptops, thumb drives and other physical data storage devices, instances of cyber-infiltrations are on the rise, and the potential for damage to real-time facility operations is far greater.

In their search for easy prey, cyber-criminals typically attack smaller, less well-defended targets such as small-practice offices, clinics and community hospitals. The craftiest hackers cover their tracks after a breach, so victimized organizations don’t discover the damage until weeks or month later.

Meanwhile, patients who are victims of data breaches have more to cope with than just the invasion of their privacy. According to a 2012 study by Verizon, most hackers who infiltrate health IT systems are primarily seeking to exploit the financial data associated with electronic health records.

Cyber-criminals typically extract the information and sell it to a third party for use in various organized schemes involving identity theft, insurance fraud or outright financial theft. According to recent estimates, a stolen medical identity now has a street value of $50, compared to $14-$18 for a stolen credit card number and just $1 for a stolen Social Security number.

Health care organizations need to modernize their approach to cyber-security with an integrated strategy that addresses current threats and tackles the ever-changing landscape. At the most basic level, organizations must first address known problems and implement basic safeguards, such as disk encryption, network monitoring, network segmentation and use of a data enclave. Then, to deal with always-evolving information technology and security needs, organizations should develop (or partner for) the specialties and resources to handle new risks as they emerge.

For starters, organizations should conduct a comprehensive risk assessment to identify the gaps between their current practices and industry best practices. While doing a risk assessment, organizations can also ensure compliance with federal and state laws, including HIPAA, although these regulations should always be taken as a floor for capabilities, not a ceiling.

Organizations should also develop an explicit strategy for combating threats and responding to incidents, and document their reasons for addressing potential risks the way they have. In the event of a federal HIPAA audit, such documentation is critical.

Anticipating new threats is a bigger challenge. Given the resources, skills and motivation of cyber-criminals, the number of organizations that can adequately conduct their own security overhaul without outside help is small. New options, however, are emerging that can provide the requisite expertise and resources to rival the hackers in sophistication.

One option is the use of a managed security service provider (MSSP). Under this model, a health care organization can outsource all or part of its IT security function to an external security specialist, receiving around-the-clock network monitoring, incident tracking and immediate incident response. These firms use sophisticated hardware and software to supplement an organization’s security infrastructure, while allowing normal communication channels and data resources to remain usable.

Security is complicated and it’s a moving target. However, with the right technological tools, security concerns need not hinder an organization’s growth or prevent it from using data assets to improve care delivery, quality and financial performance.

Jared Rhoads is a senior research specialist in the Global Institute for Emerging Healthcare Practices, the applied research group of Computer Sciences Corp.’s health care division.

Neuroscientist reveals a new way to manifest more financial abundance

Breakthrough Columbia study confirms the brain region is 250 million years old, the size of a walnut and accessible inside your brain right now.

Learn More

Picture of Justin Brown

Justin Brown

Justin Brown is an entrepreneur and thought leader in personal development and digital media, with a foundation in education from The London School of Economics and The Australian National University. As the co-founder of Ideapod, The Vessel, and a director at Brown Brothers Media, Justin has spearheaded platforms that significantly contribute to personal and collective growth. His deep insights are shared on his YouTube channel, JustinBrownVids, offering a rich blend of guidance on living a meaningful and purposeful life.

TRENDING AROUND THE WEB

If you recognize these 7 signs, you grew up with very little positive reinforcement

If you recognize these 7 signs, you grew up with very little positive reinforcement

The Blog Herald

7 unique habits of a truly empathetic woman

7 unique habits of a truly empathetic woman

Global English Editing

If you really want to be a true alpha in life, say goodbye to these 7 behaviors

If you really want to be a true alpha in life, say goodbye to these 7 behaviors

Personal Branding Blog

8 signs a friend is quietly jealous of your success in life, according to psychology

8 signs a friend is quietly jealous of your success in life, according to psychology

Small Business Bonfire

If a man displays these 10 behaviors, he wants to spend his life with you

If a man displays these 10 behaviors, he wants to spend his life with you

The Vessel

People who flourish in their later years tend to follow these 8 practices

People who flourish in their later years tend to follow these 8 practices

Jeanette Brown