Hacking Health Care Records Reaches Epidemic Proportions

Nsikan Akpan | Scientific American | March 29, 2016

With 3.5 million records already compromised in 2016, the health care industry has averaged close to four data breaches per week

In February 2015, Anthem made history when 78.8 million of its customers were hacked. It was the largest health care breach ever, and it opened the floodgates on a landmark year. More than 113 million medical records were compromised last year, according to the Office of Civil Rights (OCR) under Health and Human Services. Consider it this way: if each case represented a single individual, one in three Americans would have been a victim.

This year looks tame by comparison, but it’s only March, and 3.5 million medical records have already been compromised. Based on this list from the U.S. Department of Health and Human Services, the health care industry has averaged close to four data breaches per week in 2016 so far. “If you think about it, that’s pretty bad, because we all interact with the health care system,” computer scientist and information security expert Avi Rubin said while discussing the state of hospital cybersecurity at the USENIX Enigma Conference in January.

Before becoming director of the Johns Hopkins University Health and Medical Security Lab, Rubin provided cybersecurity for companies across many industries. Banks. Car-rental companies. Retail stores. You name it. But the health care sector was the “absolute worst” in terms of cybersecurity problems, he said. “Their data security practices were so far below every other industry,” Rubin said. Indeed, the health care sector ranked second in U.S. data breaches in 2015 and placed in the top 10 on Verizon’s global hacking report...