Take Heed: Cyberattacks Rock All Parts of the Healthcare Industry

Take Heed: Cyberattacks Rock All Parts of the Healthcare Industry

Cyberattacks have become ubiquitous, and while they hit many industries, did you know that healthcare tops ALL industries, when it comes to money lost in data breaches?

Between 2022 and 2023, healthcare industry losses from data breaches increased by over 8 percent, going from $10 million to $11 million, twice as much as the second-most breached industry. And over the past three years, the average cost of a data breach in healthcare grew by over 50 percent.

As an employee in the healthcare technology sector, I’m inundated by news of cyberattacks and their implications, but never more than recently.

In June, I went on new parent leave from work for over a month. When I returned just two weeks ago, I had hundreds of unread emails and news alerts to catch up on, but the issue of data breaches stood out. Here’s just a taste of what I came back to:

  • 1.7 million Oregon Health Plan members affected by a coordinated data hack that compromised their private member data.
  • A ransomware attack affecting facilities in a 16-hospital system with facilities located around the country. ED services, elective surgeries, urgent care, wound healing, and several other specialties all shut down.
  • A sizable, national healthcare facilities operator facing its fifth patient lawsuit related to a July data breach that compromised information of 11 million patients from 171 hospitals across 19 states.
  • A data security “incident” at hospitals and clinics operated in California, Texas, Connecticut, Rhode Island, and Pennsylvania, causing suspension of elective surgeries, outpatient appointments, and primary care services.
  • One of Florida’s largest hospitals hit by three weeklong hacks that obtained personal data of 1.2 million patients, including names, addresses, phone numbers, birthdates, Social Security numbers, health insurance information, and medical record numbers.

This is not just a patient privacy issue or a health plan/system financial issue. It’s also a patient safety issue, especially when medical facilities are forced to delay treatments and divert ambulances.

Fallout from a cyberattack on one hospital or system often has a ripple effect, causing adjacent facilities to see an uptick in ambulances arriving, patient volume, and wait times to receive care.

In fact, the number of scenarios in which a patient left these adjacent facilities without even being seen by a doctor was shown to have risen by an overwhelming 127 percent!

Additionally, healthcare organizations often report increased patient mortality rates, poor patient outcomes, and complications from medical procedures after experiencing a data breach.

In short, healthcare is a leading target for cyberattacks because it has numerous virtual vulnerabilities that, according to an FBI cybersecurity specialist, are nearly impossible to fully eliminate.

For instance, healthcare providers are a prime target for cyber criminals because they retain tons of sensitive patient data, like healthcare histories, payment information, and even detailed research data that can be obtained digitally and held for ransom.

This dilemma is compounded by several additional factors, including: a) private patient information is worth a lot of money on the black market; b) the medical industry’s urgent nature lends itself to open and shareable healthcare information; and c) medical technology is constantly becoming outdated, making it an easy entry point for hackers while leaving the industry unprepared for attacks, even with safeguards in place.

Meanwhile, the feds aren’t much help in this area. Aside from setting cybersecurity standards for medical devices and introducing legislation to mandate cybersecurity minimums for hospitals, government regulation is quite sparse.

So, here’s my call to action – we should focus more attention on the cyberattacks bludgeoning this industry and how prevalent they are. We should all be increasingly vigilant, regardless of the role we play in the industry, because this a crisis that can easily affect any of us.

Print Friendly, PDF & Email
Facebook
Twitter
LinkedIn
Email
Print

Adam Brenman

Adam Brenman is a Federal Legislative Analyst at Zelis Healthcare. He previously served as Manager of Public Policy at WellCare Health Plans, where he led an analyst team in review, analysis, and development of advocacy materials related to state and federal legislation/regulatory guidance. He holds a master’s degree in Public Policy & Administration from Northwestern University and has also worked as a government affairs rep/lobbyist for a national healthcare provider association.

Related Stories

Beware of Large Egos

Beware of Large Egos

When hiring consultants or compliance or legal professionals, ego, often insecurity in disguise, can cause big trouble. People who feel a strong need to prove

Print Friendly, PDF & Email
Read More

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Mastering the Two-Midnight Rule: Keys to Navigating Short-Stay Admissions with Confidence

Mastering the Two-Midnight Rule: Keys to Navigating Short-Stay Admissions with Confidence

The CMS Two-Midnight Rule and short-stay audits are here to stay, impacting inpatient and outpatient admissions, ASC procedures, and Medicare Parts C & D. New for 2024, the Two-Midnight Rule applies to Medicare Advantage patients, requiring differentiation between Medicare plans affecting Case Managers, Utilization Review, and operational processes and knowledge of a vital distinction between these patients that influences post-discharge medical reviews and compliance risk. Join Michael G. Calahan for a comprehensive webcast covering federal laws for all admission processes. Gain the knowledge needed to navigate audits effectively and optimize patient access points, personnel, and compliance strategies. Learn Two-Midnight Rule essentials, Medicare Advantage implications, and compliance best practices. Discover operational insights for short-stay admissions, outpatient observation, and the ever-changing Inpatient-Only Listing.

Print Friendly, PDF & Email
September 19, 2023
Secondary Diagnosis Coding: A Deep Dive into Guidelines and Best Practices

Secondary Diagnosis Coding: A Deep Dive into Guidelines and Best Practices

Explore comprehensive guidelines and best practices for secondary diagnosis coding in our illuminating webcast. Delve into the intricacies of accurately assigning secondary diagnosis codes to ensure precise medical documentation. Learn how to navigate complex scenarios and adhere to coding regulations while enhancing coding proficiency. Our expert-led webcast covers essential insights, including documentation requirements, sequencing strategies, and industry updates. Elevate your coding skills and stay current with the latest coding advancements so you can determine the correct DRG assignment to optimize reimbursement, support medical decision-making, and maintain compliance.

Print Friendly, PDF & Email
September 20, 2023
Principal Diagnosis Coding: Mastering Selection and Sequencing

Principal Diagnosis Coding: Mastering Selection and Sequencing

Enhance your inpatient coding precision and revenue with Principal Diagnosis Coding: Mastering Selection and Sequencing. Join our expert-led webcast to conquer the challenges of principal diagnosis selection and sequencing. We’ll decode the intricacies of ICD-10-CM guidelines, equipping you with a clear grasp of the rules and the official UHDDS principal diagnosis definition. Uncover the crucial role of coding conventions, master the sequencing of related conditions, and confidently tackle cases with equally valid principal diagnoses.

Print Friendly, PDF & Email
September 14, 2023
2024 IPPS Summit: Final Rule Update with Expert Insights and Analysis

2024 IPPS Summit: Final Rule Update with Expert Insights and Analysis

Only ICD10monitor delivers what you need: updates on must-know changes associated with the FY24 Inpatient Prospective Payment System (IPPS) Final Rule, including new ICD-10-CM/PCS codes, plus insights, analysis and answers to questions from the country’s most respected subject matter experts.

Print Friendly, PDF & Email
2024 IPPS Summit Day 3: MS-DRG Shifts and NTAPs

2024 IPPS Summit Day 3: MS-DRG Shifts and NTAPs

This third session in our 2024 IPPS Summit will feature a review of FY24 changes to the MS-DRG methodology and new technology add-on payments (NTAPs), presented by senior healthcare consultant Laurie Johnson, with bonus insights and analysis from two acclaimed subject matter experts

Print Friendly, PDF & Email
August 17, 2023

Trending News