While most recent security attacks were reported at industries other than healthcare, this is not so for the last –Community Health Systems Inc.’s (CHSI) unauthorized access of 4.5 million patient records. Unfortunately, attacks on healthcare records are not as uncommon as one might hope. An analysis in Jason Millman’s Washington Post Blog (link) reveals that over 30.1 million customers of the healthcare IT industry have had their personal data compromised, and that healthcare data is under increasing attacks, becoming 43% of the total major data breaches reported in 2013 –Healthcare is now the most affected industry of all.
What is even more disquieting is that the attacks have become more and more sophisticated. CHSI’s attack was, if the information is correct, originated from China, from “professional” hackers. The attack consisted in exercising the Heartbleed bug to penetrate a Juniper Networks device –and once inside the VPN, then attacking a patient database. (See this link to HealthITSecurity for more information).
What this means is that, unfortunately, Healthcare IT will need to take security much more seriously –and this is especially hard because the healthcare environment is complex, and in consequence many disparate systems need to be monitored, audited, and well understood if protection is to be effective.