Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyberattacks
Electronic medical records have many advantages, but a growing concern with this system is their vulnerability to cyberattacks.
In an earlier post, we had talked about the advantages and challenges attorneys have with computerized medical documentation and many attorneys find medical review services helpful to address the challenges effectively. A major advantage of electronic medical records is that they are easily accessible and more organized. However, a growing concern with this system is their vulnerability to cyberattacks. This topic is high priority this month because October is National Cyber Security Awareness Month – an annual campaign in the U.S to increase awareness of cybersecurity. Alarming Statistics from the GAO The GAO (Government Accountability Office) points out that the magnitude of the threat against healthcare information has grown exponentially. As per the GAO’s new report, around 113 million electronic health records were breached in 2015 which is a major increase from the 12.5 million the year before. This number was less than 135, 000 in 2009. Cyberthieves are becoming more innovative and are increasingly successful in their endeavors to steal personal information ranging from social security numbers to health conditions of individuals. This type of information is valuable for use or sale, which accounts for the increasing number of cyberattacks. Major Breaches Notable data breaches include those that occurred with
Anthem Inc., part of the Blue Cross and Blue Shield Association in January 2015 -– hackers obtained personal information such as names, social security numbers, dates of birth, home addresses, e-mail addresses, healthcare ID numbers, income data etc.— of around 79 million people.
Premera Blue Cross, primarily working in Alaska and Washington -– they discovered in January 2015 that cyberattackers had gained unauthorized access to their IT systems. The first attack occurred in May 2014 and personal information from 11 million records was stolen.
Community Health Services –- In July 2014, they found that hackers gained access to valuable information such as patient names, birth dates, addresses, telephone numbers and social security numbers of at least 4.5 million people.
www.mosmedicalrecordreview.com
1-800-670-2809
University of California at Los Angeles (UCLA) –- In May 2015 they reported that cyber criminals stole considerable data including personally identifiable information (PII) from their database.
In the United States, healthcare has been declared part of the nation’s critical infrastructure, which highlights its highly significant status. The GAO points out that the “incapacity or destruction of such systems and assets would have a debilitating impact on the national public health or safety, nation’s security, or national economic security.” What Healthcare Attorneys Say This serious concern has been once again brought to notice by a recent nationwide survey of around 300 healthcare attorneys conducted by Bloomberg Law and the American Health Lawyers Association. Here are the major findings of the research as per the press release regarding the survey.
Majority of healthcare attorneys are closely involved in managing security issues.
84% (more than 8 in 10) attorneys were called upon to evaluate whether a security incident implicates reporting obligations. They were asked to develop applicable internal procedures and policies. 97% of responding healthcare attorneys believes that their involvement in cybersecurity matters will increase over the next 3 years. More than 7 in 10 are developing their own data security expertise to meet this growing demand.
Corporate attorneys as well as law firm attorneys feel that they are prepared to respond to a cyberattacks or data breach. They are concerned though that the plans they have in place may be inadequate. 40% of all attorneys are of the opinion that the plans are too generic; moreover, they fall short of specific guidance for the particular incidents their clients/organizations may face. The plans have also not been properly tested ahead of an actual data breach incident. One-third of the attorneys surveyed said that the plans are not updated to allow for the most recent types of cyberthreats or organizational changes.
Experts emphasize that much more needs to be done to ward off cyberattacks. They feel that formal cybersecurity education and training must be made more effective and comprehensive for healthcare lawyers, for which reliable external resources and professional organizations
www.mosmedicalrecordreview.com
1-800-670-2809
can be utilized. This will help healthcare attorneys provide effective counsel for their clients as regards preventing and responding to cyberattacks. Lifesaving Medical Devices Also Under Threat On another issue, cyber security threats exist now for lifesaving medical devices as well – a very grim consideration indeed! Hackers have the capability to attack implantable, wireless medical devices and other lifesaving medical equipment. Examples include:
Johnson & Johnson announced earlier this month that one of its insulin pumps (J & J Animas OneTouch Ping) could be hacked. The warning went out to 114,000 diabetic patients warning them that the attack could disable the pump or alter the dosage.
MedSec, a cybersecurity firm brought to light a fatal security vulnerability associated with defibrillators and pacemakers manufactured by St.Jude Medical, which endangered the lives of patients using these devices.
A $17,000 ransom was paid to a criminal enterprise that attacked Hollywood Presbyterian Hospital’s system and encrypted the data contained therein.
The threat to patient safety is huge if medical devices are compromised. Moreover, security experts are really concerned that hackers might break into hospital firewalls and seal patient data. They could also control vital equipment’s (such as ventilators, heart monitors and medication pumps) functioning. Cyber experts warn that ransomware used to compromise medical devices is the single biggest cyber security threat for 2016 – this is according to a recent research report from Forrester. To handle the challenges and risk involved, the FDA is carefully working to update its digital security guidelines and recommendations especially because more medical devices are connected to the Internet now. There is no doubt that medical device manufacturers and organizations that develop innovative technology must improve their security protocols. Similarly hospitals, clinics, physician offices and other healthcare entities must obtain the support of reliable cybersecurity firms so that effective security measures can be implemented to ensure patient data, patient safety as well as the safety of any medical equipment they may be using.
www.mosmedicalrecordreview.com
1-800-670-2809