By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Healthcare Data Survey Shows Providers Are Easy Prey For Hackers
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Policy & Law > Healthcare Data Survey Shows Providers Are Easy Prey For Hackers
Policy & LawTechnology

Healthcare Data Survey Shows Providers Are Easy Prey For Hackers

Sean Mallon
Sean Mallon
Share
7 Min Read
SHARE

  The cost of data breaches could cost the healthcare industry $4 Billion in 2019, according to a comprehensive industry survey published in November. Respected market analysis firm Black Book Market Research published the results from its poll of nearly 2,900 cybersecurity experts who work in the medical data field, and the news is not encouraging for the healthcare providers the experts serve. “Thus far in 2019, healthcare providers continued to be the most targeted organizations for industry cybersecurity breaches with nearly 4 out of 5 breaches, whereas successful attacks on health insurers and plans maintained with more sophisticated information security solutions with little change year to year,” Black Book said in a press release. “Over half (53%) of all provider breaches were caused by external hacking according to respondents.” The survey also found that 93 percent of healthcare organizations have suffered at least one data breach since the third quarter of 2016, and more than half have suffered at least five breaches during the same time period. Those doctors, clinics, and hospitals are unprepared for and mostly unaware of the threats they face, according to Black Book’s survey. Fifty-eight percent of the respondents said they didn’t hire a security consultant until after a “cybersecurity incident,” while 94 percent haven’t upgraded their security systems since their last incident, and 35 percent hadn’t done any security scans prior to being targeted by hackers. Black Book’s founder says the problem is compounded by companies’ efforts to maximize profits, which means minimal investment in budget items that don’t generate revenue—like data security. Physician organizations reported that just one percent of their IT budgets were earmarked for cybersecurity. This, however, is textbook “penny wise and pound foolish” thinking, with many egregious examples in recent history to prove the point. Medical billing company American Medical Collections Agency (“AMCA”) was a trusted vendor to many large healthcare providers across the United States. Founded in 1977, its contracts reached millions of patient files and accounts worth billions of dollars. Yet over the course of eight months, from August 2018 to March 2019, ACMA’s cloud storage was being hacked, with more than 20 million patient files pillaged for valuable financial data. The news of the breach quickly spread, and investigations and lawsuits started piling up. When it became clear that there would be no easy way out of the problem, and after the company’s founder funneled $2.5 million of his own money into AMCA to keep it afloat, AMCA filed for Chapter 11 bankruptcy protection on June 17. The problem is not limited to AMCA, but also to every healthcare provider it did business with. Since HIPAA’s Security Rule places the burden on the healthcare provider to ensure that not only must the provider and its employees take all necessary steps to protect patient information, but so do its vendors and contractors, those providers may be equally guilty of AMCA’s sins in the eyes of the law. As a result, some of AMCA’s client healthcare organizations, like New Jersey-based Quest Diagnostics have been called to answer to Congress. New Jersey’s Senators Cory Booker and Bob Menendez sent an inquiry to Quest, demanding answers for the millions of residents whose medical and financial data were exposed. They also sent an inquiry to North Carolina-based LabCorp, another victim of the AMCA attack, which had previously been sued for HIPAA violations over several breach incidents. The AMCA fiasco shows how easily a Trojan horse program can exploit a single weakness and impact an entire community of businesses. How the hackers got into AMCA’s files has not been made public, but through that single breach they were able to infect the entire web of AMCA’s business partners. And each of those partners similarly failed to have adequate security to identify and prevent the breach in real time, and to alert the system administrators that they were under siege. Only through a series of failures was the hack allowed to go undiscovered for eight months. It has already cost AMCA millions of dollars, and perhaps its entire business if it cannot emerge from Chapter 11 bankruptcy. Each of its business partners will face a similar set of investigations and lawsuits, as state and federal regulators demand answers, while patients demand compensation for their lost privacy. And every frontline provider who contracted with AMCA will have to reckon with those consequences. There is a clear lesson here for wise healthcare providers and their security contractors. With severely restricted budgets for protection and extremely high costs for failure, healthcare security is an area where cost-efficiency is a top priority. A security system that is customizable to the client’s needs, scalable to the client’s business, and adaptable to the client’s workflow is as close to perfect as a solution can be. Such a system cannot be purchased “off the rack”, but should be tailored through intimate discussions with the client, the vendor, and the designer. Is it going to be sky-high expensive? Stop your guess-work and just ask one of the trusted healthcare software developers for a free quote. The most surprising finding from Black Book’s survey might be the one that starts that conversation: 93 percent of clinics have no solution in place to instantly detect and respond to an attack. They are easy targets, and they need someone who knows better to give them the information and resources they need to protect themselves.

TAGGED:cybersecuritycybersecurity threatsdata threatshackerhacking
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

a woman walking on the hallway
6 Easy Healthcare Ways to Sit Less and Move More Every Day
Health
September 9, 2025
Clinical Expertise
Healthcare at a Crossroads: Why Leadership Matters More Than Ever
Global Healthcare
September 9, 2025
travel nurse in north carolina
Balancing Speed and Scope: Choosing the Nursing Degree That Fits Your Goals
Nursing
September 1, 2025
intimacy
How to Keep Intimacy Comfortable as You Age
Relationship and Lifestyle Senior Care
September 1, 2025

You Might also Like

celebrity health spokesperson
Medical EthicsNewsWellness

Celebrity Spokespeople: A Double-Edged Sword

June 25, 2013

Effective Technologies for Wound Hemostasis, Sealing and Closure

July 28, 2014
BusinessMedical DevicesMedical Innovations

Microvisk Limited Uses Same Technology as iPhone, Wii to Measure Blood Coagulation

January 24, 2012
Medical Innovations

How Virtual Reality Is Changing The Healthcare Industry

December 12, 2018
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?