Imagine having all of your private health information hacked into by cyber terrorists. With EHR and Health IT rising, cyber health hacking is a very real threat.
It's the modern-day version of purse snatching. High tech cyber terrorists hacking into your home or work computer to steal everything from your credit card numbers to your digital health records. Imagine learning that these Internet interlopers have stolen your identity and are now using your information for their own personal or professional gain, or worse, draining your bank account to pay for their own medical expenses.
A very real threat
This kind of nightmare is a very real threat these days, as the digitization of health care increases in size and scope.
In response, the Health Information Trust Alliance (HITRUST) has recently announced that it is conducting the first empirical and comprehensive study, called HITRUST Cyber Discovery, to "analyze the methods, severity and pervasiveness of cyber threats targeting a variety of health care organizations."
Scope of study
The study will examine the magnitude, complexity, relations of cyber-attacks, commonalities of target organizations and data and degree of cyber threats that are persistent within health care organizations. The goal is to identify attack patterns and their occurrence rates, as well as the magnitude and sophistication level of specific threats.
The level of speculation around attacks, targets and persistent threats has reached an all-time high,” says Daniel Nutkis, chief executive officer, HITRUST. “To combat this growing concern, we need more facts to better dissect threats and develop a corresponding strategy to address them. This research will provide valuable data to those charged with keeping healthcare information secure.
According to HITRUST, it is a well-known fact that the health care industry is a large target of cyber attacks, with some surveys suggesting that health care is ahead of all industries with 42.5 percent of overall breaches identified in 2014.
Unfortunately, says HITRUST, most of the information is survey-based and lacks the necessary details to better understand the scale, target, method and sophistication level of the cyber threats and attacks. As a result, this creates much speculation as to the extent of the impact on health care organizations.
Cyber-related breaches at Community Health Systems, Anthem and Premera Blue Cross have raised the concern and urgency of the need for a comprehensive examination of the problem.
Who will be recruited
Approximately 210 health plans and provider organizations will be recruited to participate in the study, the scope of which will include:
- Detection of advanced persistent threat and perpetrators
- Analysis and forensics of malware and other threats
- Attacks against specific data, organizations and industry segments
Impact of cyber attacks
Cyber attacks are known for having the potential to impact privacy, disrupt facility operations or cause harm to patients directly.
Health care organizations are at particular risk because of their ability to create, store and exchange large amounts of patient and member data, including personal health information, personal identifiable information, financial information such as credit card numbers, enrollment forms, lab reports and clinical research.
HITRUST says due to the sensitivity of this type of information, the health care industry is a "high value target of threat actors ranging from nation states to hactivists".
"As an industry, we are all in the crosshairs and need vision and leadership to coordinate a unified front to defend against cyber threats,” says Raymond Biondo, divisional senior vice president, Health Care Services Corp. “This comprehensive study will give us unique insights into the actual level, targeting, degree and persistence of cyber-attacks to better focus our efforts as an industry."
Participants will have access to highly sophisticated collection and analysis tools and resources in order to provide detailed information regarding cyber events and threats within their environment free of charge. In return, they will be required to provide anonymized data regularly to HITRUST for analytical purposes.
An initial report of findings and recommendations will be published approximately four months from the launch of the study.
Any organizations wishing to participate in the HITRUST Cyber Discovery Study can get more information or register for the discovery until May 10, 2015.
What's at risk
Just to give you an example of what's at risk, on March 17, a health insurer based in Washington state, Premera, announced it had fallen victim to a massive cyber-attack in May 2014 that may have exposed the personal information of more than 11 million individuals.
The attack mined data from four Premera health plans or affiliates and stored information on members' personal data, such as bank accounts, birth dates, social security numbers and more.
This is all the more reason why we should all pay attention to any news of cyber attacks, whether they're on the digital health front or otherwise. Identity theft has many tentacles, ones that reach out and bite and do a significant amount of damage. You might want to ask your health care provider what security measures they have in place to prevent cyber attacks that could compromise your privacy and financial information.
The nuviun blog is intended to contribute to discussion and stimulate debate on important issues in global digital health.