A spokesman for Mandiant, the computer security company Anthem hired to evaluate its systems, told USA Today it was the nation’s largest health care breach to date. The hackers were likely more interested in stealing identities than medical information per se, a computer security expert said at the time. "The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it," he told USA Today.
Because of all the attention the media have given to large-scale data breaches at major retailers like Target and Home Depot, that cybersecurity expert might have understated criminal interest in personal health information. According to IBM's Security Intelligence blog, hackers are focusing more on healthcare than retail sources. Last year saw a 1,166 percent increase in reported healthcare records breached from 2014, the blog reported in 2015.
In the last month of 2015 alone, 10 insurance companies reported data theft to the federal Health & Human Services' Office for Civil Rights. Those cases each affected between 500 and almost 15,000 people. Nearly 100 million health care records – affecting roughly one of every three people in the country – were compromised in 2015. Millions of people spent months resetting passwords, double- and triple-checking invoices, and worrying that someone would steal their identity.
Healthcare data are extremely valuable. "[The] crown jewel, protected health information (PHI), has an excellent resale value on the black market," the IBM blog notes. "The FBI has claimed that individual health care records can fetch $50 apiece on the underground versus $1 or less for credit cards." In addition, unlike credit cards, which have an expiration date, health data last forever. Thieves can use information from health records to commit identity theft as well as insurance, healthcare, and tax fraud.
When medical records are compromised, the information they contain is vulnerable to being released without authorization. That’s an especially unsettling scenario for patients with a history of psychiatric care and substance abuse. Indeed, it can be downright terrifying.
At ClinicTracker we have always focused intensely on protecting clinical data. Yes, we provide all the standard security measures, including strict password policies, idle timeouts, automatic logouts, and secure server access. We follow the HIPAA Security Rule by giving you the ability to specify individual user system access and edit permissions; limit patient record access in a variety of ways; and enforce digital signatures to validate documentation. ClinicTracker also detects suspicious logins and can lock accounts that appear to be under attack.
But ClinicTracker gives administrators a unique option that substantially improves data security: They can choose to run the program entirely on an internal server. That means the data are never exposed to hackers on the web. ClinicTracker's hybrid system combines the security of a local network environment with the flexibility of a web-based system.
ClinicTracker is a robust, future-proof mental health and substance abuse EHR. Dr. Michael Gordon, a renowned clinical psychologist, and Joshua Gordon, an award-winning software engineer, founded the company in 2000. ClinicTracker EHR’s powerful software empowers your agency to succeed. ClinicTracker will automate all of your clinic routines, boost staff productivity, increase billing efficiency, and provide the tools you need to manage your clinic effectively. While mental health and substance abuse agencies are the most common group of users, foster care agencies, social services, equine assisted therapy programs, university clinics, academic counseling systems, family counseling services, and eating disorder clinics also take advantage of our powerful software.