Major Health Data Breach is Just the Tip of the Iceberg

Community Health Systems Inc., one of the country's largest hospital groups, revealed that it was the victim of a major patient data breach following a cyber attack from China. While no health data was stolen, the personal information of approximately 4.5 million patients – including Social Security numbers – was obtained by the hacker group. Last month, the Secure ID Coalition alerted the public to the dangers of lax heath data standards.

The healthcare industry severely lags behind other industries when it comes to cybersecurity and securing consumers personal information. The situation is so dire that last April it prompted the FBI to issue a special warning to health care systems and medical device manufacturers. The warning cites the "mandatory transition from paper to electronic health records (EHR), lax cybersecurity standards, and a higher financial payout for medical records in the black market" as the primary reasons for increased cyber intrusions. Last May, the Justice Department indicted five Chinese nationals it accused of coordinating cyberattacks against the United States. However, attacks originating in China have not shown any sign of decreasing since the indictment.

At the end of the day, any successful attempt to boost health data security will require input from providers, government agencies, and the general public. Without meaningful incentives from regulators and patients, providers will continue to forgo an active approach on the issue, mainly because investments in improved security generally fail to yield tangible financial benefits over the short term. For example, as College of Healthcare Information Management Executives President Russell Branzell noted, "You care not going to get a big return on investment from being more secure. Security systems cost millions, and many hospital systems are financially strapped." And all of this comes at a time when the Administration and regulators are pressuring health systems to lower costs for patients, especially on the new Affordable Care Act exchanges.

Provider sentiments are neatly summarized in a statement by Easton Hospital, a Community Health center located in Pennsylvania: "It is up to the federal government to create a national cyberdefense that can prevent this type of criminal invasion from happening in the future." While Congress has been unable to get much of anything done lately, progress is easier to come by on the regulatory front. It was for this reason that the Secure ID Coalition has filed several rounds of comments with the Department of Health and Human Services. Our most recent comments, submitted last year, advised the National Coordinator for Health Information Technology to precondition provider's receipt of IT funds distributed under Electronic Health Record Incentive Programs on the adoption of more secure identity authentication systems. While HHS failed to heed our warning, regulators and patients should continue to pressure providers to adopt more sophisticated authentication policies and technologies.


+1 # anna82 2015-02-26 13:36
I can recommend African Mango, it helped me a lot.
Reply | Reply with quote | Quote
+1 # anna82 2015-03-02 12:53
Reply | Reply with quote | Quote
0 # profile 2018-10-31 14:46
Need cheap hosting? Try webhosting1st, just $10 for an year.

Reply | Reply with quote | Quote

Add comment

Security code

Learn How