Health-care providers and government agencies across the US have seen an increase in cybersecurity breaches in recent months, exposing sensitive data from hundreds of thousands of people as the sector scrambles to find adequate defence mechanisms.
“These threats are real,” Oscar Alleyne, senior adviser at the National Association of County and City Health Officials, said Tuesday during a panel in Washington. The breaches include malware attacks, computer thefts, unauthorized network access and other security breaches, according to a government database that tracks attacks in the health-care sector.
A recent trail of large-scale cyberattacks on the health-care industry exposed the vulnerability of the sector. Last year’s global WannaCry ransomware attack crippled parts of the UK’s National Health Service for days. In a 2015 hack, US health insurance giant Anthem Inc had about 79 million customers’ personal information exposed.
Along with detailed personal information like Social Security numbers, health-care hacks can include sensitive information about a patient’s medical history and treatment. In other cases, breaches can cripple a hospital or health system, preventing sick people from getting the care they need.
They can be a business risk, too.
“Of course, there’s privacy,” Axel Wirth, a technical architect at security firm Symantec Corp, said during the panel, “but there’s also intellectual property and business data. Your latest vaccine research could be compromised.”
In April, there were 42 reports of data breaches in the health-care sector, according to the Department of Health and Human Services database, which tracks cases where data from 500 or more people were affected.
That month, the California Department of Developmental Services reported that 12 of its computers, containing medical records of 582,174 people, had been stolen. A few days later, Inogen Inc, a medical-equipment company, said personal information of almost 30,000 customers was exposed after a hacker had gained access to an employee’s e-mail account.
The attacks can get expensive: According to estimates Alleyne cited during the panel, a data breach can cost health-care providers more than US$400 (RM1,627) per patient.
“When I was a local epidemiologist, my county was 312,000-something people,” Alleyne said. “You multiply that out by records and see the significant cost.”
Anthem, the insurer, eventually agreed to pay US$115mil (RM467.76mil) to resolve consumer claims over its 2015 breach.
Health departments in counties and cities tend not to have sufficient defence mechanisms in place. Alleyne said only 33% of the local health departments in the association had plans on how to defend against a cyberattack. Only 23 conducted training on the issue, and only 8% participated in drills or exercises. — Bloomberg
What do you think of this article?