IT

What data hackers get from hospital

When hospitals are hacked, the public hears about the number of victims – but not what information the cybercriminals stole. New research from Michigan State University and Johns Hopkins University is the first to uncover the specific data leaked through hospital breaches, sounding alarm bells for nearly 170 million people.

Photo

“The major story we heard from victims was how compromised, sensitive information caused financial or reputation loss,” said John (Xuefeng) Jiang, lead author and MSU professor of accounting and information systems. “A criminal might file a fraudulent tax return or apply for a credit card using the social security number and birth dates leaked from a hospital data breach.”

Until now, researchers have not been able to classify the kind or amount of public health information leaked through breaches; thus, never getting an accurate picture of breadth or consequences. The findings encompass 1,461 breaches that happened between Oct. 2009 and July 2019.

Jiang and co-author Ge Bai, associate professor of accounting at Johns Hopkins Carey Business School and Bloomberg School of Public Health, discovered that 169 million people have had some form of information exposed because of hackers.

Three categories

To uncover what specific information was exposed, the researchers classified data into three categories: demographic, such as names, email addresses and other personal identifiers; service or financial information, which included service date, billing amount, payment information; and medical information, such as diagnoses or treatment.

“We further classified social security and driver’s license numbers and birth dates as sensitive demographic information, and payment cards and banking accounts as sensitive financial information. Both types can be exploited for identity theft or financial fraud,” Jiang said. “Within medical information, we classified information related to substance abuse, HIV, sexually transmitted diseases, mental health and cancer as sensitive medical information because of their substantial implications for privacy.” 

Over 70% of the breaches compromised sensitive demographic or financial data that could lead to identity theft or financial fraud. More than 20 breaches compromised sensitive health information, which affected 2 million people.

Recommended article

Photo

Digital hygiene

Hospitals must be prepared for ransomware attacks

Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, describes how a virus - or “ransomware” - infected and locked computers at the Hollywood Presbyterian Medical Center in Los Angeles hospital in February 2016.

“Without understanding what the enemy wants, we cannot win the battle,” Bai said. “By knowing the specific information hackers are after, we can ramp up efforts to protect patient information.”

With a newfound understanding of what explicit data was leaked – and how many over the last decade were affected – the researchers offer hospitals and health providers suggestions on how to better protect patients’ sensitive information.

The researchers suggest that the Department of Health and other regulators formally collect the types of information compromised in a data breach to help the public assess the potential damages. Hospitals and other healthcare providers, Jiang said, could effectively reduce data breach risks by focusing on securing information if they have limited resources. For example, implementing separate systems to store and communicate sensitive demographic and financial information. 

Jiang noted that the Department of Health and Human Services and Congress recently proposed rules that encourage more data-sharing, which increases the risks for breaches. He said that he and Bai plan to work with lawmakers and industries by providing practical guidance and advice using their academic findings.

24.09.2019

Read all latest stories

Related articles

Photo

A look into the crystal ball

Experts debate predictive potential of AI

‘Hello, John? You are about to suffer a heart attack – please come to the hospital immediately!’ Will we, one day, be collected by emergency doctors even before we’re ill? If it was up to…

Photo

Transformation

The USA’s digital healthcare revolution

The digital revolution in healthcare in the United States is marching steadily forward, spurred by federal government regulations and financial incentives, by technological innovations, and by the…

Photo

Consumer Electronic Show

Blockchain, Blue Button and interoperability among hot topics at CES 2018

The tech world descended upon Las Vegas this week for the annual Consumer Electronics Show, and plenty of health IT’s biggest players were in attendance. While much of the discussion was on…

Related products

Beckman Coulter – Remisol Advance

LIS, Middleware, POCT

Beckman Coulter – Remisol Advance

Beckman Coulter, Inc.
medigration – webConnect

Portal Solution

medigration – webConnect

medigration GmbH
Siemens Healthineers - CentraLink Data Management System

LIS, Middleware, POCT

Siemens Healthineers - CentraLink Data Management System

Siemens Healthineers
Agfa HealthCare – Dose

Dose Management Systems

Agfa HealthCare – Dose

Agfa HealthCare
Agfa HealthCare – DR 14e detector

DR Retrofit

Agfa HealthCare – DR 14e detector

Agfa HealthCare
Agfa HealthCare – DR 14s detector

DR Retrofit

Agfa HealthCare – DR 14s detector

Agfa HealthCare