Apparently, healthcare is among the worst industries in terms of breaches of data security. And this is despite the dramatic increase in attention that the HIPAA law has focused on how the industry handles data.
In this case it was two diagnostic laboratories, Quest and LabCorp, whose data were allowed to be stolen. The data stolen consisted of financial information, such as credit card information, bank account information, and medically identifiable information such as social security numbers, as well as names, addresses, dates of birth, dates of service, and balance information. No diagnostic results were stolen. And why would anyone want them, except for blackmail, a hard way to earn money?
Apparently the breach was due to both firms’ use of AMCA, a billing collector. Over 12 million customers were affected. The breach of security went on for over 7 months in 2018 and 2019 before being spotted.
Health systems are often cobbled together using a variety of sources of software, and it isn’t a surprise that there might be chinks in the armor. On average, 36 days pass between intrusion and detection in healthcare systems. They take on average 10 days to contain the problem. An analyst at Gartner said “I think this is a hopeless situation.” A re-architecture of health care data is required that puts security first. But then it will be much harder for us to find out our test results or status.
There’s a tradeoff between security and accessibility that is a major issue for supply chains, and wherever there is a need for cooperation, as between a patient and her health care providers. Computer scientists and information technologists have needed for 20 years to spend serious resources on developing a sound practice that meets both needs.
via Checking for vitals: Inside the Quest Diagnostics, LabCorp supply chain breach | CIO Dive
written by Samantha Ann Schwartz