Healthcare data breaches happen more often than you think. Here are the biggest breaches in healthcare data and what you can learn from them.
Are you concerned that your patients' records and information aren't as secure as they should be?
Perhaps you think you're HIPAA compliant and that your current healthcare security strategy is infallible. But how certain are you, really?
In this post, we'll tell you about some of the largest security breaches in healthcare.
Then, we'll let you know a few of the steps that you can take to stop something similar from happening in your own practice or hospital.
Your patients' data is simply too important -- and the cost to your business too high -- to fail to protect.
Read on to learn about doing your due diligence when it comes to preventing healthcare data breaches.
Premera Blue Cross and Anthem Blue Cross
In January of 2015, Blue Cross, one of the world's biggest health insurance providers, was the target of two enormous cyber attacks.
The worst part?
Both of these healthcare data breaches occurred within six weeks of one another.
The private medical information of a shocking 11 million people was hacked into and compromised in the Premera attack alone. In addition to private medical information, financial information was also exposed.
The hackers got control of Social Security numbers, bank accounts, dates of birth, and much more.
What made it even more complicated was the fact that high-powered employees of companies like Microsoft and Amazon had their information compromised.
The Premera attack alone led to Blue Cross getting hit with five serious lawsuits.
Later on, the Anthem medical data breach led to an incredibly high $115 million settlement, as it resulted in the medical information of a whopping 79 million people being hacked.
So, how did it happen?
While exact details remain unknown even know, the hackers were able to break into the parent company of Blue Cross's IT systems. The hackers invented a fake domain that somehow made it through the cybersecurity system.
They used this to then create multiple subdomains, which then tricked employees into thinking that they were assessing legitimate websites from Blue Cross, Anthem, and Premera.
Through these methods, the hackers were fairly easily able to get access to information like passwords, logins, and eventually, the entire system as a whole.
To prevent these sort of complicated phishing attacks from happening to you, we suggest that you:
- Update your web browser
- Avoid clicking pop-ups
- Enable firewall
- Install anti-phishing tools/software
- Avoid opening suspicious/unknown emails
- Install anti-virus software
Community Health Systems
In April and June of 2014, another one of the largest healthcare data breaches of all time unfortunately took place.
This time, the target was Community Health Systems, which resulted in the records of about 4.5 million people being exposed.
So, what type of information ended up being compromised?
Everything from patient's contact information and birthdays to their Social Security numbers.
What's worse, the hackers didn't just get the information of current Community Health Systems patients. They were also able to access the information of those who had gotten treatment at one of the hospitals that was owned by Community Health Systems.
The information of patients that had been referred to a Community Health Systems hospital by their own healthcare provider was also compromised within the attack.
But how did this devastating hospital data breach take place?
The information was compromised at the hands of Chinese hackers through the use of malware. It's thought that the hackers were actually looking for property information on things like medical equipment.
But what they stumbled on instead was customer and patient data.
Though Community Health Systems was able to eliminate the malware from their system, the attack left a serious mark on its reputation.
How can you protect yourself from malware and a resulting health information breach?
First of all, rely on a team of security professionals to back up your website, network, and data. You can do this on your own as well, through a hard drive -- but professional cloud storage is often more secure.
Also, make sure that you frequently change your passwords, and that you're not using the same password for multiple accounts.
Install an adblocker, and make sure that you're only downloading things on your computer that are absolutely essential.
Guarding Against Security Breaches in Healthcare
We share this information on healthcare data breaches with you not to scare you, but instead to let you know how easy it is for even huge companies to end up getting hacked.
That's why professional healthcare data security and management is likely the best solution for your practice or hospital.
When you're looking for healthcare security solution, ensure that they can help you to assess your overall HIPAA compliance, search for potential gaps and risks, and to keep track of the potential threats that you may face.
You'll also need to look for a solution that can help you to identify unauthorized users or software, and that can generate frequent security reports to help you to stay on top of any suspicious activity.
Stop Healthcare Data Breaches: Wrapping Up
We hope that this post has helped you to understand just how large the scale -- and the resulting lawsuits -- of healthcare data breaches can be.
Remember to frequently update your software, avoid opening suspicious or unfamiliar emails, and to consider working with professional security and records management solutions.
Are you interested in learning more about the best ways to protect the personal information of your patients?
Spend some time on our website to learn more about our services. When you're ready to improve your security, reach out to us.