Tuesday, April 6, 2021

Are Hospitals and Other Healthcare Companies Keeping Your Data Safe?

According to this article, the incidence of data breaches in medical and healthcare systems has increased greatly from prior years, as “over 40 million patient records were breached in 2020” alone, as the healthcare analytics and compliance company Protenus stated a few weeks ago on March 15, 2021. This is mostly due to increased ransomware attempts and attacks by hackers, as well as insiders at a company or hospital wrongfully gathering sensitive information about patients such as “date of birth, inpatient/outpatient status, contact information, and other sensitive patient information”. Overall, attempts made to hack healthcare data increased 42% since the pandemic began, which both surprises and does not surprise me given the opportunity that the pandemic gives scammers and the lack of security that healthcare companies seem to have regarding such sensitive information.

Overall, the pandemic gives scammers and hackers the opportunity to easily increase their attempts at gaining sensitive information from any company, especially healthcare companies or hospitals, since many companies, if not all, are moving to digitally store such information to allow for easier work from home for doctors, nurses, and other workers within these companies. While easier access for employees may be useful under the current circumstances, it has also proven to be very dangerous for the security of their patients’ data. In the case of employees misusing or stealing sensitive patient information, while employees will most certainly lose their jobs and possibly even face criminal charges for doing so, such companies should understand the risks posed by decreasing security for patients’ sensitive data and should actively work to prevent outside hackers and especially employees from easily gaining such information and harming the company as well as the patients whose information was stolen or sold to bad actors. Especially in the healthcare field, I am very surprised at the lack of security for patients’ sensitive information even given the current circumstances.

While I am surprised by the lack of security from companies that routinely handle such sensitive data for thousands of people, I am not surprised by the increase in attempts to gain such information both by disgruntled employees and outside hackers through ransomware.  Even though healthcare companies are an easy target during a pandemic given the nature of the crisis, theirs is one of very few industries where such sensitive information is vital to their operations, as insurance information is necessary to make claims, and social security numbers are often required for identification purposes.  Given this, it does not surprise me at all that hackers are increasing the rate of their attacks on healthcare as more and more people enter their systems and information flows more freely thanks to virtual work.  Likewise, healthcare companies often have to disclose such sensitive information to the government especially regarding the pandemic to track cases, deaths, and hospitalizations, creating another opportunity for data to be breached.  Overall, I am surprised by the nature of the attacks, but not the increase of them.


Source: https://www.prnewswire.com/news-releases/health-data-breaches-skyrocket-during-covid-19-pandemic-301247097.html

3 comments:

  1. John, I thought this article was very interesting. I agree with your surprise that companies in the healthcare business were not more attuned to protecting the sensitive information of their patients. I think the move to digital information for healthcare is inevitable and will be extremely beneficial, as necessary records and documentation can be sent instantaneously and with less of a chance for mistakes; however, it seems they do need to put a greater emphasis on security in order to ensure that this transformation to the digital age does not put patients' personal data at risk of being exposed to hackers and scammers.
    One of the seemingly difficult parts of the healthcare system is how much data they do need to collect about patients, from SSN to health insurance information and personal information. It was interesting that you made the point of hospitals gathering unnecessary information, and I would be interested in hearing their reasoning behind why they believe it necessary to acquire that data. I think this article opens a lot of questions as to the lack of oversight within hospital administration and the potential abuse of power that this might lead to.
    I was also surprised to hear about disgruntled employees being a part of the data breaching issue. Normal people think of jobs in the healthcare field to be some of the most sought after; however, the extreme course and pressure that employees may face, especially when handling a global pandemic, could cause this frustration and retaliation against their employees. From the reading it seems to be a two-pronged issue, with one being outside bad actors attempting to hack these systems to gain access to the valuable information, but the other issue being internal, with the overreach of data collection and the misuse of this information by employees.
    I think the healthcare system needs to face increased scrutiny about this issue, because if we see a rise in attempts to hack data of 42%, the threat is only increasing, and without a proper response this could pose a very dangerous issue to all those a part of the system, including patients but also employers. One solution I could see is trying to restrict the amount of information given to facilitate a more need-to-know basis versus such a wide swath of collection every time a patient attends a hospital. This could help limit the exposure of sensitive information given a potential breach. I think ultimately, though, healthcare firms will need to invest greater resources in securing patients' data both from potential hacks on the inside and outside from updated data infrastructure.

  2. I found this article super interesting, and it is sort of like my blog where I wrote about how Facebook users' data was getting leaked. I think overall, the fact that so many people's data is getting leaked is just overall unacceptable and ridiculous. I am not even surprised anymore that this happens, because I read so much about data now and it always comes up that millions of people's data is being leaked. I just find it odd that all we hear about is how great technology and security is these days, yet some of the largest and most important corporations and places like Facebook and hospitals can’t keep the data secure. I think two things need to happen when it comes to this. First, we need to raise more awareness when it comes to people having their personal data leaked. It is dangerous and very unsafe, and it could lead to a lot of consequences. The news should do a better job of covering these types of stories, the companies letting the data get leaked should do a better job of taking accountability and admitting their mistakes, and more people should be condemning these companies for failing to protect their users' data. Second, we need to figure out a way to limit data leaks overall. There have been way too many instances of important, personal data being thrown out into the internet for hackers to get a hold of. It can have a very negative effect on people and can result in their personal information being hacked. Something needs to be done, and something needs to be figured out, but it's completely unacceptable that nothing has been done to not only help the companies who are letting the data get leaked, but also the people whose data is being leaked. It blows my mind that I keep reading articles like this and it’s frustrating that nothing is being done. I hope there are smart, intelligent people who can get together and figure out how to solve these concerning problems.

  3. Hi John, I really liked the article that you discussed and your analysis of it. I did not know the extent to which COVID has led to breaches in healthcare information. I agree that this increase does not surprise me. I feel that with COVID more information is being kept through online records that hold secure health information about people, and that breaches would happen more often. The pandemic has caused more medical documents to be digitized due to the nature of the COVID virus. I agree that this can be seen as helpful because of the influx of documents that hospitals and other facilities need to have on patients while wanting to maintain safe precautions, but it has the potential to be dangerous.
    The healthcare industry should be doing more to ensure the privacy of their patients. As mentioned in the article, there has been an increase in employees illegally accessing health records and files. I think more controls should be in place so that employees do not have access to critical data about their patients. Whether it is through higher ranks or increasing security around highly sensitive information, things must be changed in order to help reduce this risk. While outsider hackers are a different situation, it looks bad on the healthcare industry that their own employees are doing this. I agree with you that this is a serious issue that should not be taken lightly.
    I liked how you mentioned why the healthcare industry is being targeted so heavily. I had not thought of this, but you mentioned that sensitive information is vital to their operations and you are absolutely correct. Healthcare needs to have all sensitive information in their daily course of actions for a variety of reasons. So, it would make sense that if a hacker wants to gain people’s social security numbers and other private information, they would use this industry to do so. Furthermore, I think with the flux of information that hospitals are holding, their security measures could be better and would make them an easy target.
    Overall, much like you mentioned, I am not surprised that the healthcare system is having these issues. I think companies such as Protenus should be utilized more to help reduce this risk by detecting potential fraud and company violations. Artificial intelligence is increasing in its capabilities and I think industries, such as healthcare, should take advantage of it. While more security measures should be added, artificial intelligence could be an added layer of protection to give patients more peace of mind that their data is protected and secure.
