Cyber threat running high for health care

The health care field continues to present an appealing target for cybercriminals. Yet organizations are showing varying degrees of ability to keep up with this threat, as several new surveys suggest. 

In June, the Workgroup for Electronic Data Interchange noted that data breaches compromised roughly 37 million healthcare records between 2010 and 2014. The pace has accelerated quickly, with attacks exposing roughly 100 million records in just the first four months of 2015.

According to the WEDI report, criminals are willing to pay more for medical records than credit card numbers because the rich supply of information they contain (addresses, Social Security numbers) is useful for identity theft.

"Health care continues to be an appealing target for cybercriminals."

Resource limitations may affect organizations' cyber readiness
Corporate board members may have a weak grasp on cybersecurity threats as well. A National Association of Corporate Directors survey found that just 11 percent of corporate directors had a high-level understanding of these risks.

New findings from the 2015 Healthcare Information and Management Systems (HIMSS) Cybersecurity Survey highlighted the importance of maintaining internal resources to prevent and manage attacks. Of 297 participants – who work in healthcare information security – two-thirds said their organization "had experienced a significant security incident in the recent past."

Employee negligence was the largest single reason for incidents. But 64 percent said hackers, scammers and other outsiders had been responsible for such events. In about one-fifth of cases, the attack exposed "patient, financial or operational data."

More than half of the organizations employed full-time personnel to handle information security. Yet 64 percent felt that insufficient cybersecurity staffing presented a barrier to properly managing these incidents.

Keeping good information security staff on board to protect against the rising threat is a challenge for healthcare organizations, Mayo Clinic's chief information security officer, Jim Nelms, recently told the Wall Street Journal. The lure of bigger paychecks makes this workforce "quite a transient population," he said.

Cyber crime has become a major issue in the field of health care.
Cybercrime has become a major issue in the field of health care.

Recent health care data breaches "have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cyber security threats," said Lisa Gallagher, vice president of technology solutions for HIMSS. "Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means incorporating threat data, and implementing new tools and sophisticated analysis into their security process."

WEDI urges health care organizations to address cyber threats at the highest levels. "The risk of cyber attacks is no longer limited to the IT desk, it is a key business issue that must be addressed by the C-suite," the authors note. "…[N]o healthcare organization can be completely immune from cyber attacks and adversaries. However, they can take appropriate measures to erect defenses and integrate cyber security into the business environment and culture."

These steps include:

  • Ensuring that all employees remain aware of the role they play in limiting their organizations' exposure to threats via potentially harmful emails, websites and files.
  • Properly updating and patching operating systems, antivirus software and anti-malware programs.
  • Maintaining automated alerts to notify staff to take appropriate action, according to protocol, in the event of a breach.

What the ACA Supreme Court ruling means for health IT

President Barack Obama's hallmark health insurance legislation, the Affordable Care Act, has been affirmed by the U.S. Supreme Court in a recent ruling. This piece of legislation that was signed into law in 2010 has been causing political and regulatory rifts ever since, but the affirmation of legal subsidies will now allow patients to move forward with the consumer protections passed several years ago.

These subsidies are very important, according to Health Data Management. Without them, much of the ACA would have been null and void. In short, these provisions and health insurance exchanges are aimed to keep things more transparent and fair between patients and insurance companies. However, the ACA also has an impact on the progression of health IT.

The ACA effect
Health Data Management point out that after this Supreme Court decision, several health IT policies will remain in place, including statewide health insurance exchanges and HIPAA electronic claims with electronic health records (remittance advice and claims attachments would also be included in these).

Additionally, a health plan identifier will continue to be part of the policy, as would electronic capabilities for enrollment into health and human services programs like Medicare and Medicaid. Obamacare also imposes a tax on health IT devices, including tools that collect or share patient data. Lastly, the ACA helped to expand data analytics further, especially in regards to Medicare claims data.

The Supreme Court's decision has a direct impact on the future of health IT.
The Supreme Court's decision has a direct impact on the future of health IT.

In a 6-3 ruling on King v. Burwell, the dissenters were justices Antonin Scalia, Clarence Thomas and Samuel Alito. Their main concerns with the ACA pertain to a half-phrase in the legislation concerning limited subsidies to states that operated their own exchanges. The majority of the judges, however, claimed that the half-phrase in question was not literal.

"Congress passed the Affordable Care Act to improve health insurance markets, not to destroy them. If at all possible, we must interpret the Act in a way that is consistent with the former, and avoids the latter. Section 36B (pertaining to subsidies) can fairly be read consistent with what we see as Congress's plan, and that is the reading we adopt," the judges in favor of the ruling stated.

Reactions from organizations
According to Healthcare IT News, several leading medical organizations, including the American Medical Association, the Mayo Clinic and the Department of Health and Human Services all expressed relief at the decision, both in terms of public health and health care costs.

Even though this is the second time the ACA has gone through Supreme Court trials, legislators against the ACA have vowed to repeal Obamacare, even though President Obama still holds executive power and the right of veto. Whether or not political posturing will continue with an election year coming up remains to be seen. However, in the meantime, the ACA's provisions regarding health IT expansion and optimization are still expected to progress and advance in addition to health insurance reforms.