News Feature | September 10, 2014

Patient Data Loss Is A Problem In The Majority Of U.S. Hospitals

By Megan Williams, contributing writer

Patient Data Loss Problem

The healthcare industry has seen more data breaches than the military and banking sectors combined.

A study by the Ponemon Institute as reported by CNN Money, showed that 90 percent of health care organizations have exposed their patient data to loss or theft in 2012 and 2013. As of the second week of last month, the industry has been hit with 204 incidents, and has lost 2.1 million records, not including the 4.5 million names and social security numbers taken from the Community Health Systems network earlier last week.

Why Is Healthcare A Popular Target?

The relative popularity of healthcare among hackers and identity thieves is not entirely unexpected. An individual medical record can bring $50 on the black market — that’s 50 times the top value of a credit card. Once those records are obtained, they can be used to fraudulently bill insurance companies or even Medicare. Thieves can also take patient identities to set up free consultations or obtain prescription medications that can be sold on the streets.

Clinics Are Feeding The Fire

In the meantime, paper charts are disappearing and EHR systems are becoming the norm. Unfortunately, this shift is happening without facilities paying enough attention to the steps needed to protect the files.

According to J.D. Sherry, hospital advisor for cyber security firm, Trend Micro, “They can't keep up (with hackers). Their resources are tremendously overwhelmed. With day-to-day business, IT security is not top of mind.”

Additionally, patient records are often not encrypted and are kept on the same network used for general hospital business — this means that once hackers breach the gates of the general hospital system, they don’t have anything stopping them from accessing patient information.  To make matters worse, many facilities and doctors are using obsolete technology that has multiple issues around security updates. Community Health’s leak, for example, was directly linked to the Heartbleed bug from earlier this year.

Facilities Can Protect Themselves

According to Health IT Outcomes, the most common types of breaches are medical record theft (affecting 17.4 million individuals), data loss (7.2 million people), hacking (3.6 million), and unauthorized account access (1.9 million). It has also identified some of the best ways to protect against future breaches,

  • Hiring new, security-focused staff
  • Implementing new security processes
  • Installing new security software
  • Meeting with boards more consistently