Hackers Declare War on Health Care and Industry Fights Back
"It's a war we're in." That's how John Halamka, the chief information officer of Boston-based Beth Israel Deaconess Medical Center, described the current state of affairs between the health care industry and the hackers and identity thieves who are trying to steal patient records.
A recent Boston Globe article detailed the threat and provided some interesting - and sobering - statistics and information:
- There is high demand for health records, and a single health record may be worth $50 according to the FBI
- Criminal intrusions into health care systems have risen 100 percent in the past four years
- Of 614 total identity theft breaches in 2013, 269 (43.8 percent) were in health care (the most of any industry)
- Despite being the subject of the most attacks, a recent study by BitSight Technologies found that health care providers are the slowest in any industry to respond to data breaches.
Hackers are motivated to target health records in order to facilitate identity theft, financial fraud and illegal drug use. The Boston Globe article, in particular, highlighted two recent incidents involving cyber-security breaches: (1) Chinese hackers seized the personal information of 4.5 million patients at a Tennessee-based hospital network, and (2) federal officials disclosed on September 4 that a hacker managed to install malicious software on HealthCare.gov.
Several reasons are proposed in regard to why the health care industry is vulnerable to these attacks:
- The recent transition to digital records, spurred by federal mandates;
- The lack of a federal law that mandates specific security procedures that must be followed;
- Low IT budgets (2 to 3 percent of budget in health care versus 20 percent in retail and financial); and
- Increasing sophistication of data thieves.
These events are driving change in the industry, forcing hospitals and health care providers to expend more human and financial resources to combat these risks. The federal government is adding extra incentive too, as the US Department of Health and Human Services (HHS) is taking a more aggressive approach on penalties for medical facilities that fail to protect patient data. According to the article, in May HHS fined New York Presbyterian Hospital and Columbia University Medical Center $4.8 million for the disclosure of nearly 7,000 medical records due to lax technical safeguards.
While some efforts have been made in the health care industry, there is also a growing consensus that the Affordable Care Act, which will result in more patient information being placed online, may lead to greater IT and cyber-security risks. This is consistent with the findings of a study done by the Ponemon Institute, which we wrote about on this blog in March.
As data security is increasingly becoming an issue hospitals face, make sure you have the correct policies in place and are effectively securing patient information. We encourage you to contact Nicole Stratton at firstname.lastname@example.org or Nick Oertel at email@example.com with any questions or concerns.
- HITECH Act
- Electronic Health Records
- Department of Labor
- Accountable Care Organizations
- Alerts and Updates
- Workers' Compensation
- News & Events
- Health Insurance Exchange
- Did you Know?
- Labor Relations
- Legislative Updates
- Medicaid Planning
- Fraud & Abuse
- COVID-19 and Workers' Compensation
- Digital Assets
- Long-Term Care
- Affordable Care Act
- Health Care Reform
- 6th Circuit Court of Appeals
- Employee Benefits
Best Lawyers® 2021
Congratulations to the attorneys of the Health Care practice group at Foster Swift Collins & Smith, PC for their inclusion in the Best Lawyers in America 2021 edition. Firm-wide, 44 lawyers were listed. Best Lawyers lists are compiled based on an exhaustive peer-review evaluation and as lawyers are not required or allowed to pay a fee to be listed; inclusion in Best Lawyers is considered a singular honor. Health Care practice group members listed in Best Lawyers are as follows:
To see the full list of Foster Swift attorneys listed in Best Lawyers 2021, click here.