Hackermania running wild, 2015 edition

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”300″ /]

Do we need the Hulkster Running Wild against Hacking? It’s so heartwarming to see the mainstream press catch up to what your Editors have been whinging on for the past few years: that healthcare data is the Emperor With No Clothes. Here we have Reuters and the New York Times with a case of the vapors, seeking a fainting couch. Reuters dubs 2015 ‘The year of the healthcare hack’. The FBI is investigating the AnthemHealth breach, while their counterparts UnitedHealth, Cigna and Aetna are in full, breathless damage control mode. The Times at least delves into the possibility that it was at least partially instigated by China and the People’s Liberation Army (PLA) unit that trolls for intellectual property.

Our Readers, savvy to your Editors’ warnings since at least 2010, were aware that the drumbeat accelerated this past summer. (more…)

The sheer screaming attractiveness of medical ID theft

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2014/10/screenshot-med-25.jpg” thumb_width=”170″ /]Harry Lime Lives!  It’s the 1949 Vienna of ‘The Third Man’ when it comes to the black market of medical identity theft. Data breaches are easier than heisting penicillin off an Army Medical Corps truck and far less noticeable–there’s always a lag time in discovery as more than one health system (Community Health System) found. And protected health information (PHI) has value down the line. According to a report cited by FierceHealthIT:

  • Simple data comes cheap: names, birth dates and health insurance contract with group numbers fetch a pedestrian $20.
  • Add Social Security (SSI) numbers, banking and credit card information, and these ‘kits’ fetch $1,500. These can be used for financial fraud of multiple types or alternate identities.
  • Add medical data, and direct marketing data brokers and pharmacy benefit companies are willing to pay. They use it for legitimate (but annoying) purposes, such as targeting those with specific diseases.
  • Add physical identification, and the value goes through the roof for fake passports, driver’s licenses and visas.

The ways PHI can be accessed are many: EHRs, paper records, stolen laptops, CDs, accounting systems, provider, insurer and supplier systems, and simple ‘friendly fraud’ (more…)

Data breaches and ‘hackermania’ running wild

Data breaches remain in the news–and the debate around how best to secure data rages.

Everything old is new again. UK website Computing reported that East Midlands Ambulance Service NHS Trust lost a data cartridge containing 42,000 records from its divisional headquarters in Nottingham. It was a small but deadly cartridge containing scanned handwritten copies of Patient Report Forms from September to November 2012. However, it can only be read on a now-obsolete cartridge reader, one of which is on the Trust’s premises. An interesting project for a ‘cracker’? Perhaps someone thought it was an old paperweight? Is this the virtue of old tech?

Wakey, wakey Hermann! Memorial Hermann Health System in Houston, Texas had an unauthorized employee nosing around patient records for seven years up to July, affecting at last count 10,604 patients. Compromised were health insurance information, Social Security (SSI) numbers, names, addresses and dates of birth (DOB). Obviously they weren’t firewalled and easy to access. No motive cited. According to HealthITSecurity, this person has been suspended, not fired. Also iHealthBeat.

Nothing to see here…move on. Breaking News. Healthcare.gov was breached in July by a hacker uploading malicious software to a server used to test code. No evidence that personal information was compromised. HHS maintains this was the first successful intrusion. We’ll see. MarketWatch (excerpt of WSJ paywalled story)

Is any system hackerproof? Reader Joanne Chiocchi cited this Editor’s first article on the massive CHS breach (from the reprint in HITECH Answers–thank you, Roberta Mullin) and posed this question on LinkedIn’s Ellen’s Ethical Lens group. 48 comments later, (more…)