In 2021 healthcare organizations saw a three-fold jump in cybercrime versus the three years earlier, according to a new POLITICO report.
That added up to 50 million patients with exposed health data, it reported, based on analysis of six-plus years of data reported to HHS’ Office for Civil Rights.
“Unfortunately, the industry is pretty much easy pickings, and they’re hitting it because they’re getting paid,” CynergisTek CEO Mac McMillan, told the news site. “It’s [not] gonna slow down until we either get more serious about stopping it, or blocking it, or being more effective at it. From the cybercriminals’ perspective, they’re being successful, they’re getting paid, why would they stop?”
Ad Statistics
Times Displayed: 365921
Times Visited: 7106 Quality remanufactured Certified Centrifuges at Great prices! Fully warranted and backed by a company you can trust! Call or click for a free quote today! www.Centrifugestore.com 800-457-7576
A number of forces led to the surge in hacking — more reliance on digital data due to Covid, remote work that exposes more personal data from unsecured private devices linked into networks, the increase in value of health and financial data found in healthcare databases, and more reporting of the crimes as the industry becomes more vigilant.
Unfortunately, the importance of data sharing in modern healthcare settings makes the challenge both more difficult and challenging, especially as patients and providers must rely on it to provide care efficiently and cost-effectively.
“Because data starts to move around more freely, this is sort of the cost of doing business,” Aaron Maguregui, senior counsel at Foley & Lardner, told POLITICO.
Just this week, and shortly after White House warnings of possible Russian cyberattacks, the issue was addressed in a new bill, aimed specifically at cybercrime against the healthcare sector, introduced by U.S. Senators Bill Cassidy, M.D. (R-LA) and Jacky Rosen (D-NV).
Their Healthcare Cybersecurity Act would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on how to improve cybersecurity measures in hospitals and other healthcare centers, according to a statement issued by Cassidy.
“Health centers save lives and hold a lot of sensitive, personal information. This makes them a prime target for cyberattacks,” Dr. Cassidy stated, noting that, “this bill protects patients’ data and public health by strengthening our resilience to cyber warfare.”
The issue is even more critical due to threats stemming from the Ukraine-Russia conflict.
“In light of the threat of Russian cyberattacks, we must take proactive steps to enhance the cybersecurity of our healthcare and public health entities,” stated Rosen. “Hospitals and health centers are part of our critical infrastructure and increasingly the targets of malicious cyberattacks, which can result in data breaches, the cost of care being driven up, and negative patient health outcomes. This bipartisan bill will help strengthen cybersecurity protections and protect lives.”
Included in the bill are a number of measures to address cyberthreats, including a requirement that CISA and HHS form an agreement to boost cybersecurity, provide cybersecurity training to those in healthcare, launch a study to more closely assess risks, and an assessment of various cybersecurity workforce shortages.
The issue raises risks to patients whose data has been exposed — and also exposed healthcare software providers to potential liability claims. In January, EHR vendor QRS
was sued for a data breach that occurred in its patient portal system back in August by Kentucky resident Matthew Tincher. The breach potentially compromised his and nearly 320,000 other individuals’ health information.
QRS is a vendor of the Paradigm practice management and EHR systems.
