Gaithersburg, May 2015 -

The healthcare industry has been the hardest industry hit by hacking. For three years in a row, healthcare has reported the highest number of breaches and accounted for 42.5 percent of cyber attacks in 2014, according to the Identity Theft Resource Center. This year looks to be another difficult year for the healthcare industry. A report from Experian suggests that healthcare cyber attacks could reach $5.6 billion this year.

One of the problems is that data security hasn’t been a top priority for many health care organizations. The healthcare industry spends very little on IT compared to other industries making them more vulnerable to cyber crime. Digitization of records is moving at a fast pace without the proper protection in place to keep these digital records safe from hackers.

Since data security is often lax within the healthcare industry, hackers are targeting systems that store troves of valuable personal information held in electronic medical records. According to Websense researchers, they’ve observed a 600 percent increase in attacks on hospitals over the past 10 months.

These are just a few of the reported U.S hospital data breaches in 2014

1. Large data breach puts people at heightened risk of identity theft.
Community Health Systems, which operates 206 hospitals across the United States, announced that hackers recently broke into its computers and stole data on 4.5 million patients. Hackers have gained access to their names, Social Security Numbers, physical addresses, birthdays, and telephone numbers. Anyone who received treatment from a network-owned hospital in the last five years — or was merely referred there by an outside doctor — is affected. The fraud allows criminals to open bank accounts and credit cards on their behalf, take out loans, and ruin personal credit history. Meanwhile, those affected are dealing with their personal illnesses in addition to identity theft.


2. Data breach results in $4.8 million HIPAA settlements
Two healthcare organizations have agreed to settle charges that they potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information (ePHI) held on their network. The monetary payments of $4,800,000 include the largest HIPAA settlement to date.

3. Six plaintiffs are suing six Mississippi hospitals and their parent company, alleging the facilities did not properly secure sensitive patient information.
The complaint, filed Sept. 11 in federal court in the Southern District of Mississippi, says the plaintiffs were patients at the hospitals, and are at increased risk of identity theft because identifying information was made available to "thieves and hackers."
The hospitals listed as defendants are Central Mississippi Medical Center in Jackson, River Region Medical Center in Vicksburg, Madison River Oaks Hospital in Canton, Crossgates River Oaks Hospital in Brandon, River Oaks Hospital in Flowood, and Natchez Community Hospital.

4. Tampa, Florida -- A data breach at a local hospital had nearly 700 patients' private information stolen. It happened at Tampa General Hospital.
The hospital takes responsibility and says it has fired an employee accused of printing off 675 "face sheets."

5. Aventura Hospital and Medical Center reports data breach
A company called Valesco Ventures sent a letter to Aventura Hospital and Medical Center patients about the most recent case of identify theft. Valesco "provides hospital staffing and ancillary services" according to the letter dated Sept. 9, 2014.
According to Valesco manager Terry Meadows, M.D., the company was told last May "an employee may have improperly accessed the personal identifying information of a number of patients of Aventura Hospital." That information included names, dates of birth and Social Security Numbers, but according to Valesco, "No personal financial or health information was improperly accessed." One patient told Local 10 News reporter Christina Vazquez that someone filed a tax return using her Social Security number.

Conclusion

These are only a few data breaches that have occurred in 2014 alone and it isn’t expected that it will let up in 2015. The healthcare breach drama is one that will never end.
Cyber threats will always be present for a multitude of reasons. Not only will medical records and personal health information always be valuable, but conditions are changing and hackers are becoming more innovative in their approach. It's an ongoing race that never stops as hackers continue to come up with malicious code and new innovative techniques to steal data.
We are never going to be completely protected from hackers. The best we can do is have a reputable information assurance company watching over our organization’s systems at all times, this is the best and most effective known solution outside of just shutting down the internet completely and going back to paper files.

Redport’s President & CEO Steve Reinkemeyer quotes;

“It is vitally important for those in the healthcare industry such as hospitals, clinics, medical billers, etc., to stay vigilant in cyber security and information assurance. Patients and their families have enough stress to deal with without the added stress of mitigating the invasion of identity theft. As more in the healthcare industry begin to put data security in the forefront, we hope to see this negative trend begin to move the other way.”


For more information about Redport’s information assurance and cyber security services, visit www.redport-ia.com, email us at info@redport-ia.com, like us on Facebook, and follow us on Twitter@redport_ia.

- Suzanne Gonzalez

Gaithersburg, MD, USA