Hacking Health Care: Your Guide to Privacy

Internet Hacking

Every week seems to bring a new and bigger data breach attributed to hackers. The targets are many and varied: Department stores, major websites and even U.S. government agencies have seen sensitive, private information exposed in recent months. For its massive potential for profitability, the health care sector ranks near the top of many hackers’ lists. In 2003, the use of most health information became subject to strict regulation with the passage of the Health Insurance Portability and Accountability Act Privacy Rule. And in 2009, Congress passed additional legislation that pumped billions of dollars into promoting health information technology, including the adoption of electronic health records. As the use of information technology has spread, the health care landscape has become more complex — and more subject to unauthorized disclosure, as a report in Marketing Health Services notes.


A number of factors make health care providers ideal targets. The recent transition to digital records — along with a growing number of Internet-connected medical devices and security standards that lag behind other industries — has created a new cyber playground for criminals. Upping the ante is a black market that provides much higher paydays for medical records than for other types of personal data. A 2014 study found that data breaches could cost the health care industry some $5.6 billion a year.


The biggest danger of data breaches for the average consumer is health care identity theft. When data related to an individual’s health care is compromised, it can take months or years for the breach to come to light. According to Government Health IT, health care fraud cost U.S. consumers as much as $234 billion annually as of 2012. The figure is unsurprising, considering that a pilfered medical identity has a $50 value on the black market, whereas a Social Security number is worth just $1.


Health care organizations constantly work to update IT systems and to improve security. But many breaches happen for an old-fashioned reason: human error. Three-quarters of health care organizations cite employee carelessness as the biggest threat to data security. With the stakes so high, simple mistakes can have dire consequences. In 2014, the theft of two laptops from AHMC Healthcare Inc.’s administrative offices resulted in the breach of confidential medical data — including Social Security numbers — belonging to 729,000 patients.


The U.S. Office of the National Coordinator for Health Information Technology notes that health care providers are required to protect health information with passwords and other technical security enhancements like encryption. And HIPAA requires that health care providers secure certain protected health information by:
  • Limiting who can access the information
  • Limiting disclosure of the information
  • Ensuring that vendors follow the rules
  • Implementing technical, physical and administrative protections
In practice, security safeguards include passwords and PINs that limit access to authorized people, such as doctors and nurses. Information also may be encrypted, requiring a software “key” at both ends of a transmission. Individual workstations are locked down from prying eyes, and audit trails track who accessed or changed information.


Health care IT teams will continue to race against hackers and other criminals to keep data safe through digital means. But in the end, the security of everyone’s health care information rests with individuals. You can be a part of the solution at Concorde Career College. Our Health Information Management program educates health care professionals on new and better ways to protect patients’ valuable information.
Concorde Programs

Follow Concorde on Social Media

“Concorde was one of my best vehicles that helped me gain the confidence I needed to change my life. … It all started with a vision, a will and Concorde.”

Lucy Vang
Medical Assistant Graduate

“Without the support of certain instructors … I would not have pushed myself to grasp the concepts and pass my boards on the first attempt. Once I passed my boards, it was less than one month after that I landed my first Respiratory Therapist job where I am currently working with so much joy every day.”

Marcus Streator
Respiratory Therapy graduate