Extract from Doug Austin’s article “Healthcare Organizations Continue to Be Under (Cyber) Attack”
Are the moles winning? A few months ago, I wrote how the job of protecting protected health information (PHI) regulated by the Health Insurance Portability and Accountability Act (HIPAA) is becoming more like a game of “Whac-a-Mole” because there are more places than ever where PHI can appear. As we can see from the latest batch of cyber attacks on healthcare organizations, the healthcare organizations may be losing the game.
Recent Healthcare Organization Cyber Attacks
It doesn’t take more than a few web searches to find several recent cyber attacks on healthcare organizations. Here are eight that were reported in just the past few weeks:
- Newman Regional Health: They identified suspicious activity within an e-mail account and determined there was unauthorized access to a limited number of e-mail accounts between January 26, 2021, and November 23, 2021 – almost 10 months of exposed information that “may have included individuals’ names; dates of birth; medical record or other identification numbers; addresses, phone numbers, or e-mail addresses; limited heath, treatment or insurance information”. They also said: “a limited group of individuals may have social security number or financial information affected.”
- Wellstar Health System: They also suffered a data breach through their email system over approximately one month. The information exposed included names, medical record numbers, unique Wellstar account numbers, and laboratory information.