Hackers Increasingly Targeting Health Care Information

The FBI has reported that hackers have been increasingly targeting health care related IT systems and warned that the hackers may be seeking to obtain patients’ Protected Healthcare Information (PHI). With the January 2015 deadline to transition to EHRs approaching, the FBI warns that hackers are likely to seek to exploit vulnerabilities. The FBI also stated that in addition to targeting PHI “these actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data.”

Tennessee based Community Health Systems (CHS) was recently attacked in a breach that lead to the theft of over 4 million records including patient names, addresses, birth dates and Social Security numbers.

This is not the first time that the FBI has warned healthcare providers that their industry is vulnerable to hackers as a result of inadequate cybersecurity systems. Despite the fact that the banking and financial industries have more advanced cybersecurity systems, the healthcare industry often has much greater exposure to data breaches due to the large number of parties with access to PHI including payers, pharmacies, diagnostics and labs.

The FBI emphasizes the importance of protecting PHI; a stolen partial EHR can be sold for $50 while a stolen social security or credit card number is typically sold for $1. EHR is so valuable because of its multitude of uses. EHR information can be used to file fraudulent insurance claims, advance identity theft, and obtain prescriptions. Complicating security for healthcare providers is that it often takes twice as long to discover medical data breaches because victims don’t immediately realize that their information has been compromised.