BreachExchange mailing list archives

Is Your Medical Information Safe from Cyber Attacks?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 12 Nov 2015 13:49:42 -0700

http://www.healthcanal.com/public-health-safety/68506-is-your-medical-information-safe-from-cyber-attacks.html

Over 4.5 million Americans had private information stolen through a
security breach of Community Health Systems, a network of over 200
hospitals across 20+ states in August of 2014. Social security numbers,
home addresses, and telephone numbers were some of the personal details
acquired by hackers originating in China. Medical information itself was
not successfully stolen, but the breach was enough for the hospital network
to become exposed to another threat: lawsuits filed by state attorneys
general.

Six months later, in early February 2015, hackers gained access to the
personal information of 80 million people courtesy of a fault in the cyber
security of Anthem Inc., which insures only about half that number of
Americans. Once again virtual thieves made off with social security numbers
and other classic tokens of identity but failed to get their hands on
medical records. Yet once again this breach was enough to warrant the
response of attorneys general across the country.

Central to potential pending legal cases against Community Health Systems,
Anthem Inc., and other breached healthcare providers is the argument they
are not protecting patient information under the Health Insurance
Portability and Accountability Act. In many cases a simple investment in
online protection from viruses is enough to thwart these sorts of successful
attacks. Up-to-date encryption and security is essential, yet many
hospitals and health insurance providers lag behind other industries in
investing in these measures.

What can patients do to make sure their digital medical records are
adequately secure? According to the U.S. Department of Health and Human
Services, healthcare providers and insurers have a responsibility to
provide a series of security measures in the protection of patient records.
Ask and always make sure the hospitals, clinics, and insurance companies
you and your loved ones depend on adhere to the following cyber-protective
measures:

-Provide patients with personal identification numbers, passwords, and
other unique login information. This helps to prevent unauthorized access
to information available online.

-Encrypt the data. This basically means converting the data into a code
incomprehensible without the right decoder. It's an extra layer of digital
protection making it many degrees more difficult to gain unauthorized
access.

-Audit the access. Keep records of who accessed your records, when they
did, and what, if any, changes were made in the process.

So is your medical information safe from cyber attack? Time will ultimately
tell, but so far it seems like medical information is itself rarely, if
ever, successfully stolen. Cyber criminals adapt, though, and the
healthcare services you and your loved ones depend on must evolve ahead of
them.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/