5 Things CIOs Should Do in Light of the Recent Patient Records Theft

August 22, 2014
58 Views

Community Health Systems, which manages 206 hospitals in 29 states, reported this week that they were victims of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made out with names, addresses and social security numbers for patients across the network during attacks in April and June.

Community Health Systems, which manages 206 hospitals in 29 states, reported this week that they were victims of Chinese hackers who infiltrated and stole more than 4.5 million patient records. The hackers made out with names, addresses and social security numbers for patients across the network during attacks in April and June.

While the hackers did not get access to the highly-valued protected health information in patient medical records, the hack represents the second largest healthcare-related heist in the last few years. It is also just the tip of the iceberg when it comes to privacy breaches.


Locations of the hospitals in the Community Health Systems network (Image source)

Community Health Systems is just one of more than 150 breaches this year to the US Department of Health and Human Services. Those breaches, which range from stolen equipment to hacked emails, affect institutions across the country.

We recommend that all CIOs and IT teams in charge of sensitive PHI review their current infrastructure and data access policies and take an aggressive stance toward defending against hacking attacks such as the one that hit Community Health Systems.

5 Things CIOs Should Do to Defend Against Patient Data Hacking

1) Ensure network access logging and monitoring is active and working properly across all patient databases and access points.

2) Beef up network oversight to pick up on any suspicious activity such as higher than normal volume of traffic or server transactions, unusual IP traffic, recent activity from long-dormant accounts or other unusual events.

3) Review security audits, policies and security updates to ensure the system is up-to-date and loopholes or issues are patched and closed.

4) Review any authorized access providers and ensure their security policies and procedures are similarly up-to-date and proactive.

5) Review existing technical crisis and communication plans in the event of a breach to ensure readiness and proactive response should systems become compromised in the future.

With all of the hacking and breaches, it’s no wonder that complaints of HIPAA privacy violations continue skyrocket year over year. Unfortunately, the trend is unlikely to change any time soon. Health records are more valuable on the black market than credit card information and with more institutions moving online more hacks are inevitable.

Protecting healthcare providers, payers, their business associates and the public is why we built TrueVault. Making it easier for hospital IT teams and developers to secure sensitive data is at the very heart of our mission.

patient security / shutterstock

You may be interested

The Benefits of Providing Homecare in Your Health System
Home Health
397 views
Home Health
397 views

The Benefits of Providing Homecare in Your Health System

Jennifer E. Landis - August 14, 2017

In-home health care, colloquially known as homecare, offers untold benefits for both patients and the health care professionals providing the…

Healthcare Tech Advances That All Clinics Should Use
Medical Devices
461 views
Medical Devices
461 views

Healthcare Tech Advances That All Clinics Should Use

Dennis Hung - August 12, 2017

Healthcare will always be important to employees and the government since the issues surrounding healthcare are inherently ethical and moral…

Balancing Smart Data With Cybersecurity for Hospitals
Hospital Administration
458 views
Hospital Administration
458 views

Balancing Smart Data With Cybersecurity for Hospitals

Kayla Matthews - August 11, 2017

It should come as no surprise that your discussions and interactions with physicians and health professionals influence diagnoses, prescriptions, visit…