Guest post by Jay Atkinson, CEO, AIS Network.
The recent theft of 4.5 million medical records by Chinese hackers, coupled with the news that as-yet unidentified hackers were able to penetrate the U.S. government’s health care portal, has ignited consumer concerns about the safety of health care records – and rightly so. No patient should have to worry that his or her protected health information (PHI) may fall into the hands of thieves.
The medical industry experiences more security breaches than any other U.S. industry today, serving to undermine public confidence in electronic health records and the industry at large. Last year alone, more than 7 million patient health records were breached, up 138 percent over the previous year, according to a February report by IT security consultant Redspin. Theft or loss of unencrypted portable computing devices (i.e., laptops) or digital media containing PHI was the leading cause of PHI data breach, impacting 83 percent of records breached. Unauthorized access and hacking incidents impacted less than 7 percent of records breached.
It’s reassuring to see the industry break new ground in studying security flaws and addressing vulnerabilities. For example, the Health Information Trust Alliance (HITRUST) teamed with the Department of Health and Human Services (DHHS) last spring to lead CyberRX, a series of no-cost, industry-wide exercises designed to simulate cyber attacks on participating health care organizations and help them identify weaknesses in preparedness. Two important findings emerged:
- Organizations that participate in cyber exercises are better prepared for a cyber attack, regardless of the maturity and comprehensiveness of their information security program.
- More preparation exercises like CyberRX would benefit health organizations by helping them to evaluate their programs, refine policies and procedures, and develop and implement effective communications among internal departments, the industry at large, and government.