Anthem Hack: Wake-up for the EHR Industry
Guest post by Divan Dave, CEO, OmniMD.
Here’s what we know. In the Anthem hack, it is estimated that approximately 80 million records were stolen. The Anthem hackers stole information on both employees and customers, including names, addresses, emails, birth dates, medication history, employment details, family relatives and more. But while most hackers steal financial data for spending sprees, these hackers had next-step intentions. The stolen data served as the basis for phishing emails with attachments, for the purposes of installing malware using their official email accounts and gathering even more personal information, and it was then propagated across entire networks. So now what?
Know the facts. According to Privacy Rights Clearinghouse, from 2006 up until Anthem, about 6.6 million records were exposed in 79 medical-related breaches of the hacking or malware type. Last year, Community Health Systems Inc. announced a large data breach of its health system, compromising data for 4.5 million patients, and now Anthem is at the 80 million mark. Attackers like targeting EHRs because the records are highly profitable compared to other forms of information. For example, each credit card record is valued at about $1 on the black market. However, according to various sources, a partial or complete EHR can generate $50 to $100 on the black market. The price is high because healthcare data includes personal identity information and sometimes carries credit card information along with insurance and personal health information. So, while financial information can be tracked and secured following a breach, healthcare information cannot be as easily tracked and resolved.
Current mandates. Every EHR provider should safeguard data and information with HIPAA-compliant communication protocols, 128-bit encryption and public key authentication. As per the HIPAA norms of strong-grade encryption and authentication, providers should meet all the regulatory requirements enabling security and confidentiality. Scheduled backups of the data are essential to keeping records and information from being lost or destroyed.