This summer, millions of medical patients have learned that their personal information, including names, addresses, birthdates, Social Security numbers, Medicare or health plan ID numbers, and some medical information (conditions, medications, procedures and test results) may have been exposed as a result of two separate security breaches.
California’s UCLA Health announced on July 21, 2015 that their information system has been attacked, possibly beginning in November 2014, and that the unencrypted medical information of over 4.5 million patients may have been accessed. This latest breach follows a 2006 hack compromising personal data, leading some security experts, including Securonix chief scientist Igor Baikalov, to question why UCLA and other medical providers still have not encrypted this sensitive information.
A major security breach to NoMoreClipboard, a paperless medical patient information portal allowing access to all medical records, was also reported by the Ft. Wayne, Indiana company Medical Informatics Engineering (MIE), which has affected individuals across several states. When the attack was discovered, MIE immediately contacted the FBI Cyber Squad, and was working with the FBI to investigate the source of the attack.
According to the Department of Health and Human Resources, there have been 1,100 separate breaches since 2009 exposing sensitive health care information for more than 120 million Americans, or one-third of the nation’s population. Experts, including Trine University Professor of Computer Science Tim Carver, have explained that, with attacks occurring nearly every hour, constant upgrading of security systems is necessary to protect sensitive information. The problem is that constant monitoring and upgrades are costly, leading some, including Carver, to conclude that the best way to protect oneself may be to stay offline.