By Catherine Powell
Image courtesy Pixabay |
It's hard enough to get an appointment with a doctor these days. But that's nothing compared to the gridlock that hackers create when they breach the security of healthcare providers. Recent cyberattacks have done everything from derailing patient drug access, to shutting down doctor's offices, hospitals and emergency rooms. Before you wind up being denied medical care the next time you go to the doctor's office, there are a few things you need to know about the state of the healthcare system in this country.
Don't try calling 911
While every American knows all about the attacks that took place on 9/11/2001, most aren't aware of the hack attack that brought down the Suffolk County NY emergency call center and police department on September 19, 2018. According to a blog posted on nbcnewyour.com, that's when 911 dispatchers and the police were taken back to 19th century technology after hackers disabled county government computers. This forced the call center to resort to pen and paper to record emergency calls. It also forced the department to bring in five additional call center operators to handle the mess that was created when the automated emergency response system was crippled. Adding insult to injury, the hackers threatened to release hordes of illicitly obtained information on the dark web that they'd scraped from county computers unless the county paid millions of dollars in ransom.
Doctor, doctor, give me the news.
* The ides of March 2023 didn't bode well for PharMerica. That's when a data breach affecting 5.8 million Americans was reported. The company discovered a third party had gained access to their computers from March 12-23. A company spokesperson admitted the hackers stole files containing the names, addresses, phone numbers, and email addresses of individuals. The company also admitted that a subsection of those affected may have had their Social Security, Medicaid, and/or Medicare numbers exposed to the hackers.
* Medical technology company Health EC revealed on December 22, 2023 that a breach had occurred where the files of 4.4 million individual were copied, including more than 1 million from Michigan residents. The organizations affected by the breach included Mid-Florida Cancer Centers, HonorHealth, Community Healthcare Systems, University Medical Center of Princeton Physician's Organization, and Tennessee's managed Medicaid agency. Hackers got away with patient information, including home addresses, dates of birth, Social Security numbers, as well as medical and prescription information.
* In July 2023, members of HCA Healthcare were shocked to find out that a data breach had compromised the medical records of more than 11 million people. Some HCA members started receiving medical bills even though they hadn't sought any medical care. Others were forced to cancel credit and/or debit cards after their numbers were posted on the dark web. The HCA hack was the epicenter of a massive assault on the US healthcare system that inevitably saw nearly a third of patient's healthcare records (more than 133 million) being exposed due to hackers. According to a Feb 2024 blog post on USA Today, "An average of two health data hacks or thefts of at least 500 records were carried out daily last year in the United States."
Image courtesy Pixabay |
While those companies whose records were stolen were quick to beef up their cyber security after the breaches had taken place, many whose records were exposed didn't learn of the breach until after they had their lives turned upside down. That's because in many cases, the purloined records contained everything from names, addresses, phone numbers, and date of birth, to gender, and credit card number. This allowed the hackers to either sell the data online or use it to make purchases or open up accounts in the victim's name. Not only did the HCA breach cause financial harm to some members, the hack even spawned a class action lawsuit.
* According to HIPAA, there were 665 major healthcare breaches affecting 116.5 million Americans in 2023. More than 80% of them involved computer hacks at healthcare providers, health insurers, pharmaceutical companies, and medical transcription services. Some of these hacks contributed to patient care disruption and financial damage to those affected.
Not what the doctor ordered.
A March 5, 2024 blog posted by the Washington Post detailed the hack of a little known medical payment processor named Change Healthcare which was disrupted by a ransomware attack by the BlackCat Group. The company, which is responsible for processing half the medical claims in the nation, according to the Post, was rendered all but useless when their servers were locked down following the hack. As a result, millions of Americans found it nearly impossible to get prescriptions filled, since affected pharmacists, hospitals, and doctors found in impossible to collect payments from health insurance companies. This caused patients to either cough up the cash price for their pharmaceuticals, or to do without. For some patients whose prescription costs went from a few dollars to hundreds of dollars, this forced them to make decisions that could have cost them their lives. Other patients found their treatments being delayed or even cancelled when their doctors were unable to obtain authorization for tests and procedures. This included treatments that could literally mean life or death to some patients.
According to the Post, "Oncologist Barbara McAneny, chief executive of New Mexico Oncology Hematology Consultants, treats cancer patients in Albuquerque and Gallup, N.M. Because of the hack against Change Healthcare, she’s concerned that she won’t be able to make payroll or pay for the chemotherapy her patients need. Her practice spends about $5 million every month on cancer drugs. She also needs the money to pay 270 employees, but right now no cash is coming in."
The BlackCat hackers also stole four terabytes of medical data and encrypted company files containing sensitive medical information. Even though it was rumored that Change Healthcare paid the $22 million ransom, the company still had trouble reestablishing services to all its many customers.
What can you do to protect your healthcare data?
- Never post health-related information about yourself online. Hackers troll for such tidbits to zero in on potential victims. Don't make their job any easier than it already is.
- Make sure you secure your own devices. Any health info you store on your phone, tablet, or laptop needs to be protected by strong passwords and security software.
- Verify the identity of any third party you share medical or financial information with. You'd be surprised at how slick hackers can be to get you to cough up data they can use to turn a profit.
- Refrain from using the cloud or any third party not directly connected to delivering healthcare to store medical information.
- Don't divulge more info to healthcare providers than necessary. With the exception of your healthcare insurer, Medicare, or Medicaid provider, refrain from divulging your Social Security number to any other healthcare providers. This way if they get hacked, you'll limit the amount of information that can be stolen from your account. (With an SSN, a hacker can have a field day.)
Image courtesy Pixabay |
These days just looking at the doctor's bill can put you on the critical list.
ReplyDelete