Skip Links

Healthcare organizations feeling cyberattacks growing

The other pressure: The surprise HIPAA security audit from the feds

By , NetworkWorld.com
February 27, 2008 06:10 PM ET

NetworkWorld.com - Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there's now the prospect of a surprise audit from the federal government agency in charge of overseeing the Health Insurance Portability and Accountability Act security and privacy rules.

Healthcare organizations are stepping up efforts to protect electronic patient information as they witness increased attacks against hospital networks, mindful how a data breach could hurt patients and their own reputations.

“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area. “Privacy is the foundation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the Framingham, Mass-based retailer which last year disclosed a massive data breach involving customer records.

Dr. Halamka, who this week announced a project in electronic health records as an online service to the 300 doctors in the Beth Israel Deaconess Physicians Organization, acknowledges computers in healthcare are sometimes compromised as spam relays or to host unauthorized content such as porn.

“It gives attackers a means to distribute it,” says Halamka. While he has seen no evidence of attackers targeting healthcare networks to steal patient data for financial gain, other security experts say that dangerous trend is well underway.

“Healthcare organizations store a lot of valuable personal, identifiable information such as Social Security numbers, names, addresses, age, in addition to banking and credit-card information,” says Don Jackson, researcher at Atlanta-based security services firm SecureWorks.

SecureWorks has recorded an 85% increase in the number of attempted attacks directed toward its healthcare clientele by Internet hackers, with these attempts jumping from 11,146 per healthcare client per day in the first half of 2007 to an average of 20,630 per day in the last half of last year through January of this year.

SecureWorks believes that some of the most sought-after information is from patients who are members of preferred medical network plans, which hackers turn around and sell as credentials to criminals specializing in illegal immigration.

“Credentials information is usually stolen via targeted cyber attacks,” says Jackson, adding he’s seen several cases where health insurance credentials were sold to criminals in the counterfeit document racket, especially in Central and South America.

Insider attacks, too, are also a worry.

Tenet Healthcare, which owns more than 50 hospitals in a dozen states, last month disclosed a security breach involving a former billing center employee in Texas who pled guilty to stealing patient personal information. He got nine months in jail.

And in an identity fraud case in Sarasota, Fla. last month, an office cleaner who gained access to the patient files of an anesthesiologist who rented an office at HealthSouth Ridgelake Hospital pled guilty to fraud for ordering credit cards on the Internet with stolen patient personal information. He got two years jail time.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News