Covering cybersecurity as breaking news and a long-term health care story

About Rebecca Vesely

Rebecca Vesely is AHCJ's topic leader on health information technology and a freelance writer. She has written about health, science and medicine for AFP, the Bay Area News Group, Modern Healthcare, Wired, Scientific American online and many other news outlets.

Photo: Marcie Casas via Flickr

Photo: Marcie Casas via Flickr

Cyberattacks on hospitals and health insurers have become a regular occurrence – and breaking news in communities where the breaches take place.

A new tip sheet on health care cybersecurity seeks to help reporters who find themselves covering a cyberattack at their local hospital, medical group or health plan. Typically, the attacked entity will issue a press release with the number of affected patients, approximate date of the attack and response.

While reporters can help get the news out to the public and affected patients about the attack, they also can ask important questions about the security of consumer information in the race to adopt new technology.

This summer, hackers breached the systems of one of the largest hospital chains in the Southwest putting the issue of health care cybersecurity back into the spotlight.

Personal information – medical records, financials and health plan information – of up to 3.7 million people may have been compromised, according to Phoenix-based Banner Health and The Arizona Republic. The attack was initiated in June.

Hospital adoption of electronic medical records has happened at a breathtaking pace. Cyberattackers are increasingly savvy. By contrast, many providers lack the skills, technology and financial resources necessary to safeguard these new electronic data systems.

Eighty-five percent of health IT security providers are increasing cybersecurity awareness but the vast majority say they lack the resources or personnel to instill better cybersecurity practices, according to a survey by HIMSS released in August.

Reporters can do a public service by getting the word out to their communities when these attacks happen. Reporters can also go beyond a one-day story to probe the adequacy of security systems at health care entities in their region.

1 thought on “Covering cybersecurity as breaking news and a long-term health care story

  1. Paul Burke

    The HIMSS survey you link to also says that only some health care practices use standard computer protections, and they’re particularly concerned that antivirus, anti-malware, and firewalls are not used by everyone:

    Antivirus/malware protection: 85% of hospitals and 90% of doctor’s offices
    Firewalls: 78% 90%
    Data encryption (data in transit): 68% 48%
    Audit logs of each access to patient health and financial records: 60% 61%
    Data encryption (data at rest): 61% 48%
    System to ensure all updates and patches are installed: 61% 42%
    Intrusion detection systems (IDS): 57% 42%
    Network monitoring tools: 55% 45%

Leave a Reply