How One Healthcare Data Breach Exposed the Health Information Security Crisis

Healthcare Data Breach

It’s no secret that hackers are hungry for consumer information. We all double-checked our purchasing history when news reports surfaced surrounding the Target and Home Depot hacks. We were among the hundreds of thousands who frantically changed all of our passwords when the potentially catastrophic Heartbleed bug wreaked havoc across the web.

There are precautions we can each take as consumers to protect our valuable information, but hackers always seem to be a few steps ahead of us. Most recently, it seems they’ve found a way to attack our coveted data in the most vulnerable of settings: our healthcare facilities.

When you visit hospitals, the last thing on your mind is the safety of your personal information. But after hearing this breaking news, you may start to give that notion a second thought!

Cyberattacks on hospitals have quietly existed for a number of years. But today’s hackers are bolder and more sophisticated than ever. The February 2016 hack on Hollywood Presbyterian Medical Center in Los Angeles has brought healthcare data breaches and health information security to the forefront of national conversation.

Here’s what you need to know.

What happened with the healthcare data breach in Los Angeles?

The hospital personnel at Hollywood Presbyterian Medical Center in Los Angeles found themselves in the midst of an internal emergency in late February. For longer than a week, anonymous hackers held the medical facility hostage by shutting down their internal computer system for a ransom of 9,000 bitcoin, which would equate to approximately $3.7 million.

This largescale cyberattack forced the facility to revert to long-expired processes, such as using paper registrations and medical records. Emergency rooms were impacted and fax lines were jammed through lack of access to email. All 911 patients had to be relocated to other area hospitals.

While the source itself still remains unclear to the public, the attack has been attributed to a type of malicious software called ransomware. Put simply, ransomware prevents you from using your electronic device, holding all of your files hostage.

To put this in perspective, imagine logging onto your computer for the first time one morning only to be notified that you can’t access any of your personal documents, social media logins, email accounts or virtual bank statements until you pay a lump sum to an anonymous hacker.

Now multiply that into holding hundreds of patients’ personal and medical data hostage in exchange for more than three million dollars!

The hospital ended up paying out the equivalent of $17,000, and the FBI is currently investigating to identify the source of the attack.

Are we on the cusp of a major health information security crisis?

Healthcare data breaches don’t only impact the medical facilities by way of ransom. These hacks can also result in theft of valuable patient information – including financial documents – and can compromise patient data, causing injury or death.

While hackers are growing more sophisticated on all fronts, medical facilities are particularly vulnerable to their attacks. In fact, nearly 90 percent of healthcare providers were hit by breaches in the past two years. This rise in cyberattacks against doctors and hospitals is costing the U.S. healthcare system around $6 billion a year!

You don’t need to be an expert to understand this is a huge deal. But that doesn’t mean expert research isn’t surfacing on this topic. A group of white hat hackers – hackers who use their powers for good instead of evil – from Independent Security Evaluators (ISE) recently released a report concluding their findings after hitting 12 American hospitals in an effort to prove the extreme vulnerability of our healthcare data.

These researchers used a number of methods – all with the permission of the participating hospitals – to get a read on the strength of IT security. Vulnerabilities were found when the white hat hackers were able to access hospital systems including several patient monitors. This gave them the ability to sound false alarms, display incorrect patient vitals and more.

They also discovered ways to bypass important hospital logins, to create false IDs to hijack blood samples and drugs and to route all newly-entered patient information straight to the attackers without personnel or patients knowing it was happening. While some security breaches were achieved through highly sophisticated methods, others were as simple as deciphering weak, easily-crackable passwords or outdated systems.

While ISE was unable to assess the entirety each hospital’s information security measures, everything they did evaluate had gaping flaws. In the wake of the ransomware attack in Los Angeles, it is expected that more cyberattacks will put hospitals in a deep information security crisis.

Is an influx of InfoSec jobs the answer hospitals are seeking?

Whether the particular vulnerability of hospitals to cyberattacks is due to lack of funding, use of susceptible technologies, a major skills shortage or a harrowing combination of the three, it’s clear that something needs to be done to strengthen the nation’s health information security.

It’s no wonder InfoSec careers are on the rise! Jobs are expected to grow more than twice as fast as all occupations on average by 2024. And you can rest assured that in the midst of prioritizing cybersecurity, medical facilities will edge their way to the front of the line in recruiting top-notch InfoSec professionals.

If you’re curious about what these jobs in information security entail and wondering if you might be cut out to be the IT superhero hospitals are desperately seeking, check out our article: 5 Fascinating InfoSec Jobs that Help Combat Cybercrime.


Related articles:

This piece of ad content was created by Rasmussen College to support its educational programs. Rasmussen College may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen College does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen College is a regionally accredited private college and Public Benefit Corporation.

Jess is a Content Marketing Specialist at Collegis Education. She researches and writes student-focused content on behalf of Rasmussen College. As a trained and published poet, she loves discovering new ways to use her writing as a tool to further the education of others.

Receive Personalized Information Today

  • Personalized financial aid
  • Customized support services
  • Detailed program plan
  • Attend a no-obiligation Nursing Information Session
  • Meet the Dean of Nursing
  • Enrollment application
  • Personalized financial aid
  • Career path guidance

How may we contact you?

Please complete all fields

What would you like to study?

The program you have selected is not available in your area. Please select another program of interest.

By requesting information, I authorize Rasmussen College to contact me by email, phone or text message at the number provided.

close
Share Your Story Ideas
Our campuses and online community have stories to tell and we want to hear them! Did your campus raise the most money in the community for an organization? Do you have online study tips for other students? Would you like to share a personal success story about overcoming an obstacle while earning your degree?
To have your story idea considered:
  • You must be a faculty member, current student or graduate
  • Story ideas must be regarding Rasmussen College or an inspiring story about a student at Rasmussen College
  • Your submission must be original and may not have been published elsewhere online already
Please Note: Your story idea may be featured on the Rasmussen College News Beat or on one of our social networks. A member of our news team will contact you should we move forward with a blog post.
Feel free to suggest an idea for a blog post to be featured on the Rasmussen College News Beat by filling out the form below:

First Name: (required)

Last Name: (required)

Email Address: (required)

Phone Number: (required)

500 characters or less

close

Your Story Idea Has Been Submitted

Thank you for sending us a story idea! We’re reviewing submissions and may contact you soon to learn more about your story. In the meantime, make sure to check out our current blogs to see what’s happening on campus.

close