Do we need the Hulkster Running Wild against Hacking? It’s so heartwarming to see the mainstream press catch up to what your Editors have been whinging on for the past few years: that healthcare data is the Emperor With No Clothes. Here we have Reuters and the New York Times with a case of the vapors, seeking a fainting couch. Reuters dubs 2015 ‘The year of the healthcare hack’. The FBI is investigating the AnthemHealth breach, while their counterparts UnitedHealth, Cigna and Aetna are in full, breathless damage control mode. The Times at least delves into the possibility that it was at least partially instigated by China and the People’s Liberation Army (PLA) unit that trolls for intellectual property.
Our Readers, savvy to your Editors’ warnings since at least 2010, were aware that the drumbeat accelerated this past summer. The first Ponemon Institute survey for security mavens IDExperts this Editor passed along was in 2010. In July, the ‘home town paper’ of the political class POLITICO waved its red flag citing the usual sources, which seemed to wake up Foggy Bottom. A month later, the Federal Bureau of Investigation (FBI) officially put healthcare organizations on notice warning that they are being targeted by “…malicious actors targeting healthcare related systems, perhaps for the purpose of obtaining Protected Healthcare Information (PHI) and/or Personally Identifiable Information (PII),” and that “These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data.”[TTA 22 Aug 14] (We wonder if the FBI is investigating the sundry breaches and backdoors of Healthcare.gov, embarrassingly closer to home.) And in October, we reviewed ‘the sheer screaming attractiveness of medical ID theft’ likening it to the 1949 Vienna of ‘The Third Man’.
This article has a remarkably prescient closing, one which the HIT staff at AnthemHealth should have read and implemented–fully–beyond their (wise) engagement of TeraData:
Perhaps it’s time to enlist the Hulkster to put hackers in a hammerlock suplex?
Yvonne Li of SurMD takes a fresh and counter-intuitive look over at HITECH Answers that posits that DIY for organizations is not the way to go. Migrating your data to third-party cloud storage partners experienced in ultra-secure storage is a far better choice, as long as it is encrypted start-to-finish and in a failproof way that she describes so that even a non-IT professional can understand.