Hackers recently attacked the IRS, breaking into its system to steal data on 104,000 taxpayers and collecting up to $50 million in refunds. If that wasn’t painful enough for most Americans to think about, add in the pain from recent breaches of health care data that exposed the personal and health data of millions.
Now the question is not “whose data has been exposed?” but “whose data hasn’t been exposed, yet?”
In fact, the health care industry is experiencing a surge in data breaches, security incidents, and criminal attacks — exposing millions of patients and their medical records — according to the latest Ponemon Institute study.
Who is most vulnerable? Health care organizations, including hospitals, clinics, and private or public health care providers (also referred to as “covered entities”), and their “business associates,” including patient billing, health plans, claims processing, and cloud services.
Even the US Coast Guard, so proficient at protecting our coastlines, was recently slapped for serious shortcomings in protecting personal health information.
And, of course, you’ve heard the recent news of breaches at Anthem, Premera Blue Cross, and CareFirst.
Speaking of those breaches, the following slideshow identifies at a glance what was compromised. Let’s take a look (and be glad it isn’t longer).
What was exposed in recent breaches?
Thieves got “enough personal information on the taxpayers to get past the security filters on the ‘Get Transcript’ function on the Internal Revenue Service’s website,” said Commissioner John Koskinen. That access, from mid-February through May, allowed them to obtain past tax returns and, presumably, all the data you enter on a return: name, address, Social Security numbers, income, and more.
Beacon Health System
Information on 220,000 of Beacon Health System’s patients and employees could have been compromised, Healthcare IT News reported, “including patient names, ID numbers, Social Security numbers, dates of birth, medical diagnoses, treatment data, drivers’ license information, and other medical-related information.” Apparently attackers gained access to these files via a phishing attack on Beacon employee email accounts in November 2013 and weren’t discovered until January 2015.
The 1.1 million-record hack of CareFirst, a BlueCross provider in Washington, D.C., occurred last June and was discovered only recently. The hacked info “may have included member names, birth dates, email addresses and subscriber identification numbers. Additionally, CareFirst warned that the attackers may have acquired member-created user names for accessing CareFirst’s Website,” eWeek reported.