Yet Another Health Care Data Breach

Health care records get hacked on a regular basis, seemingly every day. The latest breach happened in Anchorage, Alaska. Alaska’s KTUU reported previously this month that an anonymous hacker group claimed the stealing of 10,000 patient records. If the group’s latest claims are accurate, an additional 50,000 patient records will have been compromised.

Chloe Martin, an FBI Anchorage Public Affairs officer, said in a statement. “As a matter of longstanding policy, the FBI can neither confirm nor deny the existence, or otherwise provide status updates of an investigation, unless, if and until charges are filed.” When the FBI won’t deny breaches, odds are… it’s confirmed. This is especially true in the US, where government regulations for personal privacy are basically non-existent.

Anchorage Neighborhood Health Center confirmed the data security incident occurring on their network, via their website. As a result, you should be asking, “If the health center admits it, why won’t the FBI?”

ANHC immediately initiated response protocols and proactively took the affected systems offline to protect their data and patients’ information. The health center stated, “We are working with third-party cyber-security experts to conduct a comprehensive investigation into the nature and scope of the incident and we have also notified law enforcement.”

I don’t know about you, but personally, if they have to work with third-party cyber-security, then the health center’s IT isn’t smart enough to be running a system that is online around the clock.

Here’s a bit of advice for every health center out there. Take all your systems offline and contain them in house. If another facility needs info on a patient, take your choice. Send an encrypted file, or even an old-fashion fax. Both are better than being online 24/7 for anyone to hack into.

ANHC is eligible for funding under the Public Health Service Act and qualifies for “enhanced reimbursement from Medicare and Medicaid.” Maybe this is why they were hacked – to commit Medicare and Medicaid fraud. That, too, happens just about every day.

Abhishek Karnik, of McAfee Threat Research, stated, “Data breaches have become a regular part of the digital landscape — and healthcare providers are often targeted because of the sensitive and valuable information they hold. We commonly see names, addresses, phone numbers, Social Security numbers, driver’s license details, emails and sometimes even medical histories exposed. That’s the kind of data scammers can use for identity theft, phishing, or even impersonation months or years down the line."

We should all know the dangers by now. Unfortunately, you have little recourse. Government has forced any hospital taking government money to put your information into an easy-to-access national database. That’s great if you’re in another state and are in need of emergency medical care. But based on numbers, you’re far more likely to have your data stolen, than need care away from your home base.

Pretty much the only thing you can do, because government won’t protect you, is to not get sick. And if you do, don’t give any information that isn’t absolutely necessary for your care.

Source used: KTUU, Alaska