America’s medical records systems are flirting with disaster, say the experts who monitor crime in cyberspace. A hack that exposes the medical and financial records of hundreds of thousands of patients is coming, they say — it’s only a matter of when.
As health data become increasingly digital and the use of electronic health records booms, thieves see patient records in a vulnerable health care system as attractive bait, according to experts interviewed by POLITICO. On the black market, a full identity profile contained in a single record can bring as much as $500.
“What I think it’s going to lead to, if it hasn’t already, is an arms race between the criminal element and the people trying to protect health data,” said Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC. “I think the health data stewards are probably a little behind in the race. The criminal elements are incredibly sophisticated.”
The infamous Target breach occurred last year when hackers stole login information through the retailer’s heating and air system. Although experts aren’t sure what a major health care hack would look like, previous data breaches have resulted in identity and financial theft, and health care fraud.
Significant breaches are already occurring. Over the course of three days, hackers using a Chinese IP address infiltrated the St. Joseph Health System in Bryan, Texas, and exposed the information of 405,000 individuals, gaining names, address, Social Security numbers, dates of birth and other information.
It was the third-largest health data breach tracked by the federal government.
The L.A. Gay & Lesbian Center reported late last year that hackers attacked its computer systems over a course of two months trying to steal credit card, Social Security and other financial information. About 59,000 clients and former clients were left vulnerable.
While a stolen credit card or Social Security number fetches $1 or less on the black market, a person’s medical information can yield hundreds of times more, according to the World Privacy Forum. Thieves want to hack the data to gain access to health insurance, prescription drugs or just a person’s financial information
The Identify Theft Resource Center — which has identified 353 breaches in 2014 across industries it tracks, says almost half occurred in the health sector. Criminal attacks on health data have doubled since 2000, according to the Ponemon Institute, an industry leader in data security.
Health care is the industry sector least prepared for a cyberattack, according to security ratings firm BitSight Technologies. The industry had the highest volume of threats and the slowest response time, leading the FBI in April to issue a warning to health care providers.