June 25, 2022

Volume XII, Number 176

Advertisement
Advertisement

June 24, 2022

Subscribe to Latest Legal News and Analysis

June 23, 2022

Subscribe to Latest Legal News and Analysis

June 22, 2022

Subscribe to Latest Legal News and Analysis

Health Care Industry Familiar with HIPAA Breaches, Not So Much Hackers

Community Health Systems (“Community”), which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that online hackers had stolen personal data information from its systems in a period between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.

Computer Keyboard

It has been reported that the hackers responsible for the attack are a group of cybercriminals from China that traditionally go after intellectual property, including medical device and equipment development data.  They used malicious software to obtain the data, which has since been removed by Community from the network. Further remedial efforts are already underway, including notifying affected patients and offering them identity theft protection services.

Hospitals should be accustomed to protecting data against privacy breaches as part of their HIPAA obligations, but outright cybertheft is a threat that many providers have not likely considered. The FBI, which is now investigating the Community incident, said in April that health care providers typically do not use the same high levels of security technology as companies in other industries (such as banking or retail). This makes providers an easy target for hackers. If a leading hospital system like Community can be breached, then hospitals of every size are at risk.

It is crucial that HIPAA-covered entities (and their business associates) understand and identify potential threats to their secured information. The importance of HIPAA risk analysis cannot be stressed enough; in fact, a risk analysis is required as the first step in HIPAA Security Rule compliance. While it may be impossible to build an impenetrable fortress of secured online information, it is evident that health care providers must continue to make it a top priority to protect patient records – both from HIPAA breaches and hackers.

© 2022 by McBrayer, McGinnis, Leslie & Kirkland, PLLC. All rights reserved.National Law Review, Volume IV, Number 240
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Christopher J. Shaughnessy, Health Care Attorney, McBrayer Law Firm
Associate

Christopher J. Shaughnessy is an attorney at McBrayer, McGinnis, Leslie & Kirkland, PLLC. Mr. Shaughnessy concentrates his practice area in health care and is located in the firm's Lexington office. He has extensive experience in the health care law industry. Mr. Shaughnessy represents institutions such as hospitals and nursing homes as well as individual medical professionals, including physicians, mid-level practitioners and nurses. He also represents small offices and large offices that are part of large networks. Some of the services he commonly provides are in the following...

859-554-4414
Advertisement
Advertisement
Advertisement