Lost: 4.5 Million Patient Records to Offshore Hackers

Despite the punishments and the availability of information security, massive HIPAA breaches still happen.

28 August 2014


Hackers recently lifted 4.5 million records from a major U.S. health care network based in Tennessee.

In terms of the number of patients potentially affected, this may be the second-largest ever breach of the Health Insurance Portability and Accountability Act, claims the Nashville Business Journal. Among the records stolen are Social Security numbers, names, addresses, birthdays and telephone numbers.

With such patient data in hand, hackers can create phony bank accounts and credit cards and take out loans, wrecking the patients’ credit histories, notes CNN. The hackers are believed to have used “high-end, sophisticated malware,” according to CNN. While the FBI is working on the case, it’s unlikely it will be able to forestall any near-term damage to the victims.

Information security is paramount, more so now than ever before.

HIPAA Violations Hit Bottom Line, Reputation

The federal HIPAA statute guarantees the confidentiality of patient data. Violation fines run from $100 per infraction up to $50,000, depending on the severity of the breach. Also, state attorneys general and patients can sue a hospital network or other violator for negligence.

There are technologies and best practices available to address HIPAA concerns, however. “Medical data is possibly the most intimate and sensitive information we possess,” notes Richard Anstey, Intralinks’ Chief Technology Officer for Europe, Middle East and Africa.

“As more and more of our lives become digitized, we must increase our focus on protecting such information and controlling who can see what and when. Luckily, this technology now exists,” says Anstey. “We now need to put that technology in the hands of medical professionals and educate them in leveraging it.”

The HIPAA Hit Parade

Despite the punishments and the availability of hardened security, regrettably, massive HIPAA breaches aren’t exactly uncommon. Perhaps the largest on record affected 4.9 million patients, says an article in Healthcare IT News.

We hope this isn’t the case, but it’s likely there will be even more HIPAA breaches in the future. This situation will continue until the health care industry overall implements ironclad security and compliance, with complete encryption, access control and proper procedural safeguards.