One in three Americans had their health care records breached last year, according to a study by Bitglass, a cybersecurity technology firm. Analyzing data from the Department of Health and Human Services, the company found that nearly 112 million people were impacted by hackers, compared to 12.5 million in 2014.

Stacking up

The findings mirror data from IBM Security, which found that health care accounted for 33.6 percent of compromised records across all industries. That’s up from just 0.63 percent between January 2011 and December 2014.

Why the rise in interest in health care? By some estimates, personal health information is worth more than 10 times the amount of a stolen credit card number on the black market. Criminals can use the data to commit Medicare fraud and other nefarious acts. And, admittedly, health care has been a laggard industry in terms of adopting robust cybersecurity protocols. Part of that can certainly be attributed to the overall delay in digitizing health care. We had considerable expertise locking down paper records, but the past decade has seen a significant rise in the use of electronic record systems.

At their fingertips

With the growing uptake in electronic health records (EHR), there is a heightened sense of urgency across health care. A select few leading organizations are working diligently to spread best practices and ensure that health care organizations have the tools that they need to protect patient information.

Chief information security officers are hungry to share ideas and best practices. For instance, at a recent gathering of health care IT leaders, several speakers shared examples of how they’ve instituted programs to minimize the impact of phishing and spam attacks on their organizations. These are often how hackers make their way onto a network and wreak havoc.

Advancing the fight

There’s also growing recognition in Washington, D.C., that health care faces unique challenges. The recently enacted Cybersecurity Information Sharing Act contains some health care-specific provisions. Among other things, the law calls on the Department of Health and Human Services to create a task force that will not only analyze how other industries are addressing cyber threats, but improve information sharing across health care. The law will also lead to the development of guidelines and best practices.

Ensuring patients are accurately identified and matched to their records will help greatly improve health record security. Equally important, we must be vigilant in securing medical devices. The vast majority of medical devices in a hospital are now connected to a network. It is imperative that we ensure they are safeguarded from a potential cyberattack.

No room for error

In January, the Food and Drug Administration issued draft guidance that calls on medical device manufacturers to, among other things, assess their products for vulnerabilities, share that information with other stakeholders and take steps to thwart a cyberattack.

The threats against health care providers are growing and becoming more sophisticated. It will take a concerted and collaborative effort to ensure that we stay two steps ahead of the bad guys.