The proliferation of cyberattacks on healthcare providers is well known, with new reports continuing to highlight the problem.
More than 216 hospitals were included in 1,798 breaches between Oct. 21, 2009 and Dec. 31, 2016, according to a report last week in The Journal of the American Medical Association. Additionally, 33 hospitals, or 15 percent, reported more than one breach. Of the 141 affected acute care hospitals, 52 were major academic medical centers.
Also, about 20,000 patients were affected in 24 of the 216 breached hospitals, and six hospitals had over 60,000 breached patient records.
Another recent report found that ransomware attacks more than quadrupled in 2016, with nearly half happening in the healthcare sector. These types of attacks are projected to double again in 2017, Beazley Breach Insights reported.
Some efforts are underway to form a coordinated response to this problem.
At a hearing last week to address cyberattacks in the healthcare industry, the House Energy and Commerce Subcommittee on Oversight and Investigations, Terry Rice, VP of IT risk management and CISO at Merck, indicated cybersecurity has become a top concern for healthcare organizations.
While hundreds of millions of health records have been compromised in data breaches in recent years, the extent of the problem may be inadequately reported. “Unfortunately, I believe these incidents underrepresent the risks we are facing as an industry,” Rice said.
To fight cyberattacks, Congress should provide organizations tax breaks for Information Sharing and Analysis Centers, educate the industry on the importance of information sharing, protect data shared through ISACs and advocate for public-private partnerships, Denise Anderson, president of the National Health Information Sharing and Analysis Center told the lawmakers.
“It’s become increasingly apparent that the industry needs a government representative who understands cybersecurity issues, threats, vulnerabilities and impacts, as well as the blended threats between physical and cybersecurity,” said Anderson.
At LUMDEX, privacy, security and of course HIPAA-compliance are the essence of our software solutions. We invite you to read our Privacy and Security Policy, our Editorial and Advertising Policy, and our Terms and Conditions of Use. Feel free to browse throughout LUMEDX.com, and please read our Mission Statement in the "About Us" section of LUMEDX.com.