Health Care Law Blog
As hospitals and doctors across the country become more technologically sophisticated and use more and more medical devices that are connected to the Internet in some fashion, they are increasingly being attacked and compromised by sophisticated cyberattacks. Attacks on US hospitals’ medical data – which put patient records and personal information at risk – have more than doubled since 2010, according to a new study by the Ponemon Institute.
In its report, the Ponemon Institute states that 90 percent of health care institution respondents had at least one data breach in the last two years, while 38 percent had more than five data breaches during that same time period. While many of these breaches stemmed from lost or stolen computers, technical glitches, and third-party problems, several were due to criminal attacks.
Current events remind us that hospital data breaches are a real threat with serious implications. As reported by The Detroit Free Press, a criminal investigation is currently underway relating to a breach of personal patient information involving as many as two Detroit area hospital systems. The U.S. Secret Service is leading the investigation, which stems from the theft of personal information of more than a thousand Harper University Hospital patients. The information was found in the possession of a hospital employee during an identity theft investigation. No information was given on how or when the breach occurred, and no charges have yet been brought.
The Ponemon Institute report also found that nearly 70 percent of respondents believe the Affordable Care Act has increased security risks to patients due to inadequate security measures, and as more patient information is being placed online, in part through the growing network of federal and state health insurance exchanges.
Employee negligence is cited as the biggest security risk. Examples cited include lost laptops and connecting to unsecure networks. On a (somewhat) positive note, the report indicated that data breaches cost hospitals $5.6 billion, which is down from $7 billion cited in last year’s report.
Want more? Another recent report addressing cyberattacks and hospitals was published by Norse, a Silicon Valley cybersecurity firm, and SANS, a security research institute.
As data security is increasingly becoming an issue hospitals face, make sure you have the correct policies in place and are effectively securing patient information. We encourage you to contact Nicole Stratton at nstratton@fosterswift.com with any questions or concerns.
