
5 Things CIOs Should Do in Light of the Recent Patient Records Theft


Community Health Systems, which manages 206 hospitals in 29 states, reported this week that it was the victim of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made off with names, addresses and Social Security numbers for patients across the network during attacks in April and June.


While the hackers did not get access to the highly valued protected health information in patient medical records, the hack represents the second-largest healthcare-related heist in the last few years. It is also just the tip of the iceberg when it comes to privacy breaches.


Locations of the hospitals in the Community Health Systems network

Community Health Systems is just one of more than 150 breaches reported this year to the US Department of Health and Human Services. Those breaches, which range from stolen equipment to hacked emails, affect institutions across the country.

We recommend that all CIOs and IT teams in charge of sensitive PHI review their current infrastructure and data access policies and take an aggressive stance toward defending against hacking attacks such as the one that hit Community Health Systems.

5 Things CIOs Should Do to Defend Against Patient Data Hacking

1) Ensure network access logging and monitoring are active and working properly across all patient databases and access points.

2) Beef up network oversight to pick up on any suspicious activity, such as a higher-than-normal volume of traffic or server transactions, unusual IP traffic, recent activity from long-dormant accounts or other unusual events.

3) Review security audits, policies and security updates to ensure the system is up-to-date and loopholes or issues are patched and closed.

4) Review any authorized access providers and ensure their security policies and procedures are similarly up-to-date and proactive.

5) Review existing technical crisis and communication plans in the event of a breach to ensure readiness and proactive response should systems become compromised in the future.
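As an added illustration of the signals named in item 2 (this is not part of the original article and not TrueVault code), the sketch below checks one day of database access records against a per-account baseline for long-dormant accounts, unusual source IPs and higher-than-normal volume. The record layout, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_baseline(events):
    """Summarise history per account: last seen, known IPs, mean rows per active day."""
    base, daily = {}, defaultdict(lambda: defaultdict(int))
    for ts, account, ip, rows in events:
        when = datetime.fromisoformat(ts)
        entry = base.setdefault(account, {"last_seen": when, "ips": set()})
        entry["last_seen"] = max(entry["last_seen"], when)
        entry["ips"].add(ip)
        daily[account][when.date()] += rows
    for account, days in daily.items():
        base[account]["mean_rows"] = sum(days.values()) / len(days)
    return base

def review(history, recent, dormant_days=90, volume_factor=5):
    """Return sorted (account, reason) findings; `recent` is assumed to cover one day."""
    base = build_baseline(history)
    findings, totals = set(), defaultdict(int)
    for ts, account, ip, rows in recent:
        when = datetime.fromisoformat(ts)
        totals[account] += rows
        known = base.get(account)
        if known is None:
            findings.add((account, "no baseline for account"))
            continue
        if when - known["last_seen"] > timedelta(days=dormant_days):
            findings.add((account, "activity from long-dormant account"))
        if ip not in known["ips"]:
            findings.add((account, "unusual source IP"))
    for account, total in totals.items():
        if account in base and total > volume_factor * base[account]["mean_rows"]:
            findings.add((account, "higher than normal volume"))
    return sorted(findings)

# Constructed sample records: (timestamp, account, source IP, patient rows returned)
HISTORY = [
    ("2014-01-10T09:00:00", "svc_archive", "10.0.4.20", 150),
    ("2014-06-02T10:15:00", "nurse_kim", "10.0.2.11", 40),
    ("2014-06-03T11:30:00", "nurse_kim", "10.0.2.11", 60),
    ("2014-06-03T08:05:00", "dr_patel", "10.0.2.30", 25),
]
RECENT = [
    ("2014-06-04T02:10:00", "svc_archive", "203.0.113.7", 90000),
    ("2014-06-04T10:00:00", "nurse_kim", "10.0.2.11", 55),
    ("2014-06-04T10:20:00", "dr_patel", "10.0.2.30", 400),
]
print(*review(HISTORY, RECENT), sep="\n")  # one finding per line
```

In practice the baseline would come from the access logs called for in item 1, and the thresholds would be tuned per role so that routine bulk jobs do not drown out real anomalies.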

With all of the hacking and breaches, it’s no wonder that complaints of HIPAA privacy violations continue to skyrocket year over year. Unfortunately, the trend is unlikely to change any time soon. Health records are more valuable on the black market than credit card information, and with more institutions moving online, more hacks are inevitable.

Protecting healthcare providers, payers, their business associates and the public is why we built TrueVault. Making it easier for hospital IT teams and developers to secure sensitive data is at the very heart of our mission.
