Some say privacy is a luxury of the past. We live in a world where our every move is tracked online, whether it’s by what we are searching on Google, what we’re shopping for on Amazon, or whom we are friends with on Facebook. Our Internet activity is constantly being analyzed to manipulate us, such as how advertisers use our information to personally show us products that they want us to think we need. Information that we thought was deleted long ago may still be floating somewhere in the elusive “cloud,” ready to be stolen and used against us.
With all of that information existing on the Internet, it’s no surprise that data breaches happen so often. Even our medical records are not safe, as health care data seem to have become increasingly targeted. According to the Identity Theft Resource Center, the health care sector accounted for nearly 44% of major data breaches reported in 2013. It was the first time that the medical industry suffered from more data breaches than any other.
Most recently, a group of Chinese hackers breached a computer network linking hundreds of hospitals across the US and stole the personal information of 4.5 million patients. The hospitals affected were those owned by Community Health Systems (CYH), which operates 206 hospitals throughout the US. The organization said in a Securities and Exchange Commission filing that anyone who received treatment from a doctor’s office affiliated with a CYH-owned hospital in the past 5 years could be subject to their information being used without their consent. The hackers got their hands on patient names, Social Security numbers, addresses, birth dates, and telephone numbers.
Medical records are sought after by hackers because they conveniently contain the information needed for identity theft. “Medical records provide identity theft on a platter,” said Bill Tanenbaum, a New York attorney with the firm Kaye Scholer who focuses on data security, privacy and corporate transactions. “Names, addresses, Social Security numbers, mothers’ maiden names and credit card information for insurance co-payments are all available in one place and provide both convenience and completeness for a cyberhacker, whether or not any medical treatment history is exposed or stolen,” he added. “Another reason why patient health care is stolen is because hackers resell insurance or medical profiles to allow third parties to get medical treatment and have someone else’s insurance or Medicare credentials pay for it.”
The breach highlights how valuable medical records are to cyber criminals, and there is concern over the industry’s ability to prevent and respond to data breaches. According to a 2013 survey conducted by the Healthcare Information and Management Systems Society, about 69% of health security individuals said that their organization has a data breach plan in place, and another 27% said they were still developing one. The report concluded that, “Despite the advances healthcare organizations have made in their security environment, there is still room for improvement.”
Does your organization include a data breach plan? In what ways do you think the health care industry can improve in order to protect the valuable medical information of your patients?
- ITRC 2013 breach list tops 600 in 2013. Identity Theft Resource Center website. Updated February 20, 2014. http://www.idtheftcenter.org/ITRC-Surveys-Studies/2013-data-breaches.html.
- Millman J. Health care data breaches have hit 30M patients and counting. The Washington Post website. August 19, 2014. http://www.washingtonpost.com/blogs/wonkblog/wp/2014/08/19/health-care-data-breaches-have-hit-30m-patients-and-counting.
- Stone J. Chinese hack of 4.5 million hospital records is ‘identity theft on a platter’ for cyber criminals. International Business Times website. August 19, 2014. http://www.ibtimes.com/chinese-hack-45-million-hospital-records-identity-theft-platter-cyber-criminals-1663066.