In 2012, 780,000 patient records were stolen from the State of Utah Department of Health alone. Thousands more medical records from patients across the nation were potentially available through basic Internet search engines for a year because of incorrectly configured security settings. More traditional cybersecurity incidents, such as sending unencrypted emails and backup tapes, have led to the questioning of healthcare security.
It’s important to note that no organization exists solely to provide cybersecurity in the healthcare industry. Compliance with patient confidentiality is the only thing organizations can hope to afford. HIPAA itself does not actually prescribe any solutions to the lack of security; it mainly just requires healthcare organizations to take reasonable actions to prevent data loss.
One possible solution that would make cybersecurity feasible is the establishment of a national patient identification system. While Social Security numbers may be considered as one, they are used so widely that the risk of losing one through medical theft carries too high a cost. Such a system will also solve problems for those who are not able to get a Social Security number but still need and have access to healthcare. To mitigate this problem, healthcare organizations will ask for more personal information, such as gender and age, to allow for true identification and specificity, which leads to further loss if this information is stolen.