Community Health Systems, a large hospital operator, got hacked. The word is Chinese hackers stole some 4.5 million health records from the company. The files included everything from patient Social Security numbers to birth dates and addresses, a veritable goldmine of information for identity theft.
Healthcare providers have been digitizing our records to make everything from treating patients to filing for insurance more efficient. But in their rush towards efficiency, cyber security has gotten lost, says Stephen Cobb, a security researcher at ESET.
“I think a lot of the problem is cultural,” says Cobb. “Doctors and nurses get up and go to work everyday to help people" - not to protect people from criminals, he says. “An example would be, 'how many hospital systems have chief security information officers'?”
His answer: not many. Plus, he says, many computer systems were put in place before cyber crimes became a real threat, and so a lot of those systems have holes.
Protecting medical records is more difficult than say, protecting your banking records, because they’re constantly being shared and transferred online, says Mac McMillan, CEO of CynergisTek.
“If you look at the average number of people who have access to your information in a hospital encounter, the number I’ve heard is around 150 people,” McMillan says. Each of those people are potential security threats.
Complicating cyber security even further is the "Internet of Things," says Michael Coates, director of product security at Shape Security. He says almost everything in a hospital is wired these days - from printers to “imaging devices or tablets being used by doctors on the wireless network."
Coates says many of these devices aren't secure, and if hackers can break into one device, they can potentially break into the whole system.