Health Care Law Blog

"It's a war we're in." That's how John Halamka, the chief information officer of Boston-based Beth Israel Deaconess Medical Center, described the current state of affairs between the health care industry and the hackers and identity thieves who are trying to steal patient records.

A recent Boston Globe article detailed the threat and provided some interesting - and sobering - statistics and information:

• There is high demand for health records, and a single health record may be worth $50 according to the FBI
• Criminal intrusions into health care systems have risen 100 percent in the past four years
• Of 614 total identity theft breaches in 2013, 269 (43.8 percent) were in health care (the most of any industry)
• Despite being the subject of the most attacks, a recent study by BitSight Technologies found that health care providers are the slowest in any industry to respond to data breaches.

Hackers are motivated to target health records in order to facilitate identity theft, financial fraud and illegal drug use. The Boston Globe article, in particular, highlighted two recent incidents involving cyber-security breaches:  (1) Chinese hackers seized the personal information of 4.5 million patients at a Tennessee-based hospital network, and (2) federal officials disclosed on September 4 that a hacker managed to install malicious software on HealthCare.gov.

Smartphone usage has skyrocketed in the past few years.  Physicians are no exception to the trend - with more than 81% of physicians using smartphones.  Disturbingly, the number of health data breaches has risen in tandem with increased smartphone usage, and most experts agree that the increase is no coincidence.

Recent reports have indicated that 96% of all health care organizations have experienced at least one data breach during the past two years. Although the report did not detail the number of data breaches attributable to mobile devices, there is agreement that the widespread use of mobile devices is putting patient data at risk.