In August of 2014, over 4.5 million Americans had private information stolen through a security breach of Community Health Systems, a network of over 200 hospitals across 20+ states. Social security numbers, home addresses, and telephone numbers were some of the personal details acquired by hackers originating in China. Medical information itself was not successfully stolen, but the breach was enough to expose the hospital network to another threat: lawsuits filed by state attorneys general.
Six months later, in early February 2015, hackers gained access to the personal information of 80 million people courtesy of a fault in the cyber security of Anthem Inc., which insures only about half that number of Americans. Once again virtual thieves made off with social security numbers and other classic tokens of identity but failed to get their hands on medical records. Yet once again this breach was enough to warrant the response of attorneys general across the country.
Central to potential pending legal cases against Community Health Systems, Anthem Inc., and other breached healthcare providers is the argument that they are not protecting patient information under the Health Insurance Portability and Accountability Act. In many cases a simple investment in online protection from viruses is enough to thwart these sorts of attacks. Up-to-date encryption and security are essential, yet many hospitals and health insurance providers lag behind other industries in investing in these measures.
What can patients do to make sure their digital medical records are adequately secure? According to the U.S. Department of Health and Human Services, healthcare providers and insurers have a responsibility to provide a series of security measures in the protection of patient records. Ask and always make sure the hospitals, clinics, and insurance companies you and your loved ones depend on adhere to the following cyber-protective measures:
- Provide patients with personal identification numbers, passwords, and other unique login information. This helps to prevent unauthorized access to information available online.
- Encrypt the data. This basically means converting the data into a code that is incomprehensible without the right decoder. It's an extra layer of digital protection that makes it many degrees more difficult to gain unauthorized access.
- Audit the access. This means keeping records of who accessed your records, when they did, and what, if any, changes were made in the process.
So is your medical information safe from cyber attack? Time will ultimately tell, but so far it seems like medical information itself is rarely, if ever, successfully stolen. Cyber criminals adapt, though, and the healthcare services you and your loved ones depend on must evolve ahead of them.