Ouch. It’s been a rough year for healthcare.
First was the whole Healthcare.gov website debacle and the ensuing craziness with that. Now, it’s this: Community Health Systems, operator of around 206 hospitals across the country, got hacked HACKED and had the information of over 4.5 million patients stolen.
Hospitals, hacking, and HIPAA
What’d they get? The whole she-bang, pretty much. Names, addresses, Social Security numbers, birthdays, telephone numbers, naming rights to firstborn children, VIN numbers on their cars…you get the point. They took so much that the people who hacked Target got embarrassed. “Oh, you got Social Security numbers? All we got were Target discount cards.”
Needless to say, a lot of credit cards are about to be opened.
The bad part for CHS—like, the really bad part—is that this is in direct violation of the Health Insurance Portability and Accountability Act (HIPAA), which means that patients who have had their data stolen (all 4.5 million of them) can sue the hospital network for damages. HIPAA basically states that if you hold medical data on a patient, you have to keep that secure OR ELSE. Here, the “OR ELSE” part is 4.5 million people suing you simultaneously.
Somewhere, a class-action lawyer’s ears just perked up. “Honey, get my briefcase! The world needs me…to sue someone.”
Community Health Systems hired a security firm to look into the breach—and then the FBI jumped in–and found that is has come from a Chinese hacking group who has previously targeted medical devices. This attack took place last April or June, according to authorities and representatives at CHS.
Currently, CHS has removed the malware from all of their systems and is setting up security protocols to prevent further breaches, but the damage is already done. Good for CHS for cleaning up their mess, but bad for the patients whose information was stolen and is now incredibly vulnerable to identity theft. CHS has said that they will cover identity theft protection to the 4.5 million patients who were affected by the hacking.
Securing your data
This brings up an important point about making sure you take the necessary steps to protect your data, especially in the healthcare industry where security is a top priority. They’re pretty serious about that whole “doctor/patient confidentiality” thing.
Constantly updating your firewalls, anti-virus software, and security protocols goes a long way in protecting your data, so make sure you stay safe out there. Otherwise, I’m sure somewhere a lawyers’ kid wouldn’t mind being put through college on your dime.
(h/t CNN Money)
For more information contact Chris L.