• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

In-Depth: The Danger of Hospitals Leaking Patient Data

by Fred Pennic 09/17/2014 6 Comments

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
Hospitals Leaking Patient Data
Image credit: Jason Paluck via cc

A Washington Post news report in August this year came as a shock to many Americans who believed, until then, that their medical records were for their eyes only. Chinese hackers stole data pertaining to a whopping 4.5 million patients from a company that runs over 200 hospitals spread across the US. The massive data breach raised some serious concerns about how private medical records are and exactly what various health care organizations are doing to keep this sensitive information completely confidential like it ought to be.

In fact, the first question in the mind of every patient who has ever paid a visit to their physician is: Is my hospital doing anything at all to safeguard my privacy? The shocking answer is that your health care provider may think they have effective security to protect sensitive health information, but chances are that there are any number of loopholes in the system that make it highly vulnerable to outsiders. 

Why Hack Medical Records?

Another question that arises is: how are medical records valuable to hackers? How can they be used? The fact is that medical records also come complete with a whole lot of critical personal information that can be misused by hackers in a variety of ways. For example, in the Community Health System hack that is suspected to have originated in China, the hackers made away with names, birth dates, addresses, phone numbers and most importantly, social security numbers.

Apart from this data, medical records, especially billing records may also contain highly sensitive information like credit card details or bank account details that can be used by the hacker to skim the patient’s account. Although the Community Health Systems hack did not expose this kind of financial information, there is no guarantee that the next security breach will not include these as well. There is no doubt that effective preventive steps need to be taken immediately to address this weakness.

Implementation of a standardized code of best practices is an excellent first step that can integrate security with the medical care provider’s systems so that the patient’s information is protected right from the time his data is entered into the system. One in ten Americans has experienced a medical data breach, according to a Advisory.com report. 

Hospital Equipment is Highly Vulnerable to Hackers

The problem does not just concern data breaches and possible misuse of such sensitive data by unscrupulous persons. It encompasses security lapses that have the potential to create life threatening situations. A recent wired.com report highlighted how medical equipment gets scant attention when it comes to security problems. After a review of the existing systems at a chain of Midwest health care facilities, researcher Scott Erven who heads the information security division at Essentia Health, made some truly shocking discoveries.

Erven found that the hospital’s systems are vulnerable in most cases because they leak critical data to the internet. This could include information about all the computers and devices that are part of the hospital’s network. Access to this kind of information allows hackers to carry out focused attacks on specific machines/ segments of the hospital. By infecting just one single equipment connected to the network, hackers can gain access to all of the others as well as medical data stored on the hospital’s servers easily. Apart from gaining access to critical and sensitive information, the hacker can also directly control settings of various life supporting equipment such as embedded pacemakers.

Preventing Hacks for Safeguarding Patients

The need for strong security measures is very evident and it is equally clear that action needs to be taken right away. Some of the best practices to adopt to improve security and limit damage during breaches are:

  • Educating the hospital’s top management about the impact of poor security and its consequences on patient retention will help. The education should include creating awareness about using strong passwords at all entry points to make it difficult for outsiders to simply get access by guessing the right combination of words/ letters/ characters.

  • Assessment of hospital’s firewalls and security measures as well as review of security levels of third party networks to which the hospital’s network is connected.

  • Making equipment on the network difficult to identify so that hackers cannot quickly hone in on highly vulnerable machines/ equipment to cause a disruptive attack.

  • Establishing a security breach response team that can quickly act when a breach is detected so that the damage can be minimized.

Several such best practices have been outlined by Erven and his team to keep medical data and hospital networks safe from unauthorized access. It remains to be seen how seriously hospitals take this serious issue and how speedily they act upon Erven’s dramatic findings.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: HIPAA, Security in Healthcare

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Paradigm Shift in Diabetes Care with Studio Clinics: Q&A with Reach7 Founder Chun Yong

Most-Read

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |