
5 Things CIOs Should Do in Light of the Recent Patient Records Theft


Community Health Systems, which manages 206 hospitals in 29 states, reported this week that they were victims of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made off with names, addresses and social security numbers for patients across the network during attacks in April and June.


While the hackers did not get access to the highly-valued protected health information in patient medical records, the hack represents the second largest healthcare-related heist in the last few years. It is also just the tip of the iceberg when it comes to privacy breaches.


Locations of the hospitals in the Community Health Systems network

Community Health Systems is just one of more than 150 breaches reported this year to the US Department of Health and Human Services. Those breaches, which range from stolen equipment to hacked emails, affect institutions across the country.

We recommend that all CIOs and IT teams in charge of sensitive PHI review their current infrastructure and data access policies and take an aggressive stance toward defending against hacking attacks such as the one that hit Community Health Systems.

5 Things CIOs Should Do to Defend Against Patient Data Hacking

1) Ensure network access logging and monitoring is active and working properly across all patient databases and access points.

2) Beef up network oversight to pick up on any suspicious activity such as higher than normal volume of traffic or server transactions, unusual IP traffic, recent activity from long-dormant accounts or other unusual events.

3) Review security audits, policies and security updates to ensure the system is up-to-date and loopholes or issues are patched and closed.

4) Review any authorized access providers and ensure their security policies and procedures are similarly up-to-date and proactive.

5) Review existing technical crisis and communication plans in the event of a breach to ensure readiness and proactive response should systems become compromised in the future.
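The signals named in item 2 (higher than normal volume, unusual IP traffic, activity from long-dormant accounts) can be checked directly against database access logs. The following is an added example, not part of the original post; the log layout, the thresholds and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: timestamp, account, source IP, rows read.
# The field layout and all values are assumptions for this illustration.
SAMPLE_LOG = """\
2014-01-10T09:00:00 jdoe 10.0.0.5 40
2014-04-01T09:05:00 asmith 10.0.0.7 35
2014-04-02T09:10:00 asmith 10.0.0.7 42
2014-04-03T09:02:00 asmith 10.0.0.7 38
2014-04-04T02:14:00 asmith 203.0.113.9 9500
2014-04-04T02:30:00 jdoe 10.0.0.5 30
"""

DORMANT_AFTER = timedelta(days=60)   # assumed dormancy threshold
VOLUME_FACTOR = 10                   # assumed multiple of the account's own mean

def find_anomalies(log_text):
    """Return (timestamp, account, reason) alerts in log order."""
    last_seen = {}                   # account -> time of previous event
    known_ips = defaultdict(set)     # account -> source IPs seen so far
    history = defaultdict(list)      # account -> rows read per earlier event
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, account, ip, rows_raw = line.split()
        ts, rows = datetime.fromisoformat(ts_raw), int(rows_raw)
        if account in last_seen:     # a first sighting only builds the baseline
            if ts - last_seen[account] > DORMANT_AFTER:
                alerts.append((ts_raw, account, "dormant account active"))
            if ip not in known_ips[account]:
                alerts.append((ts_raw, account, "new source IP"))
            mean = sum(history[account]) / len(history[account])
            if rows > VOLUME_FACTOR * mean:
                alerts.append((ts_raw, account, "volume spike"))
        last_seen[account] = ts
        known_ips[account].add(ip)
        history[account].append(rows)
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG):
        print(*alert)
```

Each account is compared against its own history, so the first event for an account only seeds the baseline and raises no alert.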

With all of the hacking and breaches, it’s no wonder that complaints of HIPAA privacy violations continue to skyrocket year over year. Unfortunately, the trend is unlikely to change any time soon. Health records are more valuable on the black market than credit card information, and with more institutions moving online, more hacks are inevitable.

Protecting healthcare providers, payers, their business associates and the public is why we built TrueVault. Making it easier for hospital IT teams and developers to secure sensitive data is at the very heart of our mission.
