Health Plan Giant Falls Prey to Cyberattack

Health Plan Giant Falls Prey to Cyberattack

Those who work in the healthcare industry know all too well how important it is to protect the health information entrusted to them. That doesn’t make the task any easier. Even large health insurance companies with megabucks to spend on securing their clients’  health information are vulnerable to the attacks of cyber criminals—even Premera Blue Cross.

Premera—an independent licensee of the Blue Cross Blue Shield Association, serving businesses and residents of Alaska and Washington—discovered on January 29 that they had fallen victim to a cyberattack, exposing more than 11 million individuals to possible identify theft.

As required by law, a breach of this magnitude must be reported to the secretary of Health and Human Services, and the secretary must post the breach online. If you take a look at the HHS Office of Civil Rights breach portal, you’ll see that there have been more than 1,100 reported data breaches involving 500 or more individuals since launching the website in 2009.

The Premera breach is the second biggest this year. Just days earlier, an Anthem-affiliated covered entity reported a security breach of more than 78 million individuals’ personal health information.

According to Intel Security and the Atlantic Council’s latest report on cyber risks, “about 44 percent of all registered data breaches in 2013 targeted medical companies, with the number of breaches increasing 60 percent between 2013 and 2014,” reports Shirley Li for The Atlantic.

Fight Back Against Cyberattacks

Large corporations have the financial resources to overcome cyberattacks, but most small physician offices do not. Even private practices are at risk for data breaches.

On February 12, 2013, President Obama issued Executive Order 13636 “Improving Critical Infrastructure Cybersecurity.” The order called for the development of a Cybersecurity Framework that organizations can use to help reduce and manage their cybersecurity risks.

As a result, the National Institute for Technology and Standards (NIST) published a Framework for Improving Critical Infrastructure Cybersecurity. In its own words, “The Framework enables organizations — regardless of size, degree of cybersecurity risk, or cybersecurity sophistication — to apply the principles and best practices of risk management” to make critical infrastructure more secure.

In parallel with the Framework, the Office of the National Coordinator for Health Information Technology (ONC) continues to develop educational resources around healthcare cybersecurity and risk management. A few examples include:

Incorporating the latest security measures and providing employees with continued education are important first steps to fighting back against cyberattacks.

2017-code-book-bundles-728x90-01

Renee Dustman

Renee Dustman

Renee Dustman is executive editor at AAPC. She has a Bachelor of Science degree in Journalism and a long history of writing just about anything for just about every kind of publication there is or ever has been. She’s also worked in production management for print media, and continues to dabble in graphic design.
Renee Dustman

Latest posts by Renee Dustman (see all)

About Has 428 Posts

Renee Dustman is executive editor at AAPC. She has a Bachelor of Science degree in Journalism and a long history of writing just about anything for just about every kind of publication there is or ever has been. She’s also worked in production management for print media, and continues to dabble in graphic design.

Leave a Reply

Your email address will not be published. Required fields are marked *