Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE +
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Government
December 14, 2016 12:00 AM

Modern health IT systems and apps offer Christmas gifts to the hacker

Joseph Conn
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    hands and laptop

    More is not necessarily merrier when it comes to health information technology, as this year's plague of hacking incidents demonstrates.

    Health IT systems are becoming more like Christmas trees powered by the internet of things and a drive to connect patients to their medical data through mobile devices, apps and portals.

    This week, lab giant Quest Diagnostics reported a healthcare data breach involving about 34,000 individuals' records. The weak link, Quest reported, was its web-based MyQuest patient portal.

    “The patients themselves are not typically the threat," said Kevin Hyde, managing director of consulting firm Layer 8 Security. "The way a lot of applications are built is they're pieced together. There are relationships between vendors.” And those relationships can sometimes leave openings for hackers, Hyde said.

    “The more vendors you have, the more risk you have,” he said.

    Quest developed its portal as part of its Care 360 cloud-based electronic health record, according to spokeswoman Kim Gorode. The Madison, N.J.-based company is remaining tight-lipped about details of the breach—discovered Nov. 26—which is still being investigated.

    But it was the company's portal, not its web-based EHR used by physicians, that was compromised, Gorode said.

    In situations where many vendors are involved, vulnerabilities occur.

    Last year, 1.5 million liability insurance claim records were downloaded by a computer hobbyist in Texas from a popular, commercial data storage site. The records were from the insurance departments at various government agencies that had contracted with a California company to provide them with web-based software to handle claims administration.

    The agencies affected said they had no idea their data was being housed in a third-party data warehouse with inadequate access protection.

    The incident was something of the poster child for breaches involving a chain of vendors, some unknown to the HIPAA-covered entity that contracted with the first vendor in the chain.

    Through November, there have been more than 1,300 breaches reported to the federal government. Those breaches exposed more than 152 million individuals' records. So far this year, a record 92 breaches have been reported as the result of hacking. Those incidents exposed more than 12 million individuals' records.

    To manage the increased risk from multiple moving parts, healthcare organizations should have a cyber-risk management plan in place and have legal agreements with vendors and insurance in place to cover any incidents, Hyde said.

    Traditionally, health IT vendor contracts are stacked in favor of the vendors, including who's liable for data breaches. Such imbalances of power put the vendors' smaller clients in a relatively weak position when it came to negotiating protections for data security.

    But updates to HIPAA that required public breach notifications also placed IT contractors under equal legal liability—including monetary and criminal penalties—for breaches of patient data their handling on behalf of their client hospitals, physicians, insurance companies and claims clearinghouses.

    Earlier this year, HHS' Office for Civil Rights said it would begin a second round of congressionally mandated audits of healthcare organizations for compliance with HIPAA privacy, security and breach notification rules and that some of those audits will focus on IT vendors—so-called business associates—of HIPAA-covered entities. Some healthcare lawyers believe the combination of the HIPAA changes and the impending audits should strengthen providers' stance in negotiating better data security provisions within vendor contracts.

    Last month, healthcare IT leaders called on HHS to appoint a national chief information security officer to elevate the posture of data security within health organizations across the nation. That national CISO could write contract guidelines to ensure security issues and liabilities are properly addressed.

    Hyde, a former U.S. Marine Corps intelligence officer who had worked for the National Security Agency, also warned against being satisfied with simply meeting federal privacy standards.

    “HIPAA is a minimum standard,” Hyde said. “It should not be a security standard you aspire to.”

    Hyde advises clients to comply with the cybersecurity framework developed by the National Institute of Standards and Technology, which he says has a lot of depth.

    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    WHO_i.jpg
    COVID-19 still an emergency but approaching 'inflexion point,' WHO says
    Record 16.3M people enroll in ACA plans
    Record 16.3M people enroll in ACA plans
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Modern Healthcare Alert: Sign up for this breaking news email to be kept in the loop as urgent healthcare business news unfolds.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE +
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing