5 Things CIOs Should Do in Light of the Recent Patient Records Theft

Community Health Systems, which manages 206 hospitals in 29 states, reported this week that they were victims of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made out with names, addresses and social security numbers for patients across the network during attacks in April and June.

Community Health Systems, which manages 206 hospitals in 29 states, reported this week that they were victims of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made out with names, addresses and social security numbers for patients across the network during attacks in April and June.

While the hackers did not get access to the highly-valued protected health information in patient medical records, the hack represents the second largest healthcare-related heist in the last few years. It is also just the tip of the iceberg when it comes to privacy breaches.

Locations of the hospitals in the Community Health Systems network (Image source)

Community Health Systems is just one of more than 150 breaches this year to the US Department of Health and Human Services. Those breaches, which range from stolen equipment to hacked emails, affect institutions across the country.

We recommend that all CIOs and IT teams in charge of sensitive PHI review their current infrastructure and data access policies and take an aggressive stance toward defending against hacking attacks such as the one that hit Community Health Systems.

5 Things CIOs Should Do to Defend Against Patient Data Hacking

1) Ensure network access logging and monitoring is active and working properly across all patient databases and access points.

2) Beef up network oversight to pick up on any suspicious activity such as higher than normal volume of traffic or server transactions, unusual IP traffic, recent activity from long-dormant accounts or other unusual events.

3) Review security audits, policies and security updates to ensure the system is up-to-date and loopholes or issues are patched and closed.

4) Review any authorized access providers and ensure their security policies and procedures are similarly up-to-date and proactive.

5) Review existing technical crisis and communication plans in the event of a breach to ensure readiness and proactive response should systems become compromised in the future.

With all of the hacking and breaches, it’s no wonder that complaints of HIPAA privacy violations continue skyrocket year over year. Unfortunately, the trend is unlikely to change any time soon. Health records are more valuable on the black market than credit card information and with more institutions moving online more hacks are inevitable.

Protecting healthcare providers, payers, their business associates and the public is why we built TrueVault. Making it easier for hospital IT teams and developers to secure sensitive data is at the very heart of our mission.

patient security / shutterstock