Monday, August 20, 2012

The ‘Other’ Kind of Healthcare Breach

What if a criminal held your healthcare information for ransom, so you and your doctor had no way of accessing critical medical records?

The adoption of electronic healthcare records has brought to light a plethora of security concerns. Unauthorized access, information breaches, and the effect that the proliferation of sensitive data could have on a patient’s future are very real threats, and they must be addressed sooner rather than later. HIPAA goes a long way to help regulate how this sensitive data can be viewed and shared, but what happens when a hacker finds a weakness in the system?

We’ve seen this happen in other industries time and time again: a hacker finds a weakness and takes advantage. Unfortunately, this has now become a reality for the healthcare industry as well. Recently at a medical practice in Illinois, a hacker was able to encrypt the organization’s electronic records, then demand ransom for a password that would allow the practice to unlock the data. The organization responded appropriately, immediately turning off the server and contacting authorities.

The practice was then required to disclose the nature and scope of the breach to the Office of Civil Rights (OCR), to be added to what is known in the healthcare industry as The Wall of Shame. According to the OCR, the healthcare records of 20,970,222 people have been compromised since September 2009. In this case, the breach was listed under the category “other”. I guess there haven’t been many attempts at extortion via medical records so far, but as we approach nearly 21 million people affected, breaches like the Illinois extortion attempt could very well increase. Will “extortion” be a category in the future?


By Kim Singletary