‘The Biggest HIPAA Breach Ever” – Will Your Organization Be the Next Big Headline?

By Suzanne Yaeger

Healthcare delivery is changing as fast as the technology that is driving it - electronic health records, personal portals, online medical images, telemedicine, and networked medical devices are all hot topics and relatively new in the global practice of medicine. With the tremendous benefits of integrated healthcare and medical technology comes the increased risk of cybersecurity for all the constituent players across the healthcare ecosystem.


  • Hospital Hacked, Notifies 43K Patients (HealthData Management, Feb. 2013) Froedtert Health in Milwaukee is notifying thousands of patients that protected health information may have been compromised following a hacking incident.
  • Malware may have allowed attackers to make off with the personal information of thousands of people connected to Indiana University Health Goshen Hospital.780,000 Utah residents from the Utah Department of Health.
  • Malware may have allowed attackers to make off with the personal information of thousands of people connected to Indiana University Health Goshen Hospital.

Most ongoing data breaches in healthcare today involve human error or theft of laptops or mobile devices or electronic copies of records on thumb drives. Like many personal data records, healthcare data is valuable to different groups for various reasons and can easily be sold. Healthcare breaches account for at least a third of all data stolen in cyber crime. Healthcare organizations also face increased government enforcement and regulation for the protection of medical records including hefty fines and penalties for data breaches, plus threat of class action lawsuits due to invasion of privacy, further adding to the overall cost of breaches. 

ESG reports that healthcare data losses are the most costly of cybersecurity breaches at about $233 per record.


Source: Enterprise Strategy Group, 2013

What strategies can be implemented to defend against valuable data being lost or stolen? Physical security and employee security training are of course the first steps. Most organizations also have strong perimeter defenses against penetration by viruses and other identifiable threats into their networks. With the advances in threat attack types, especially with the increase in targeted attacks, protection of the internal network from advanced malware threats is a must and typically has been missing. ESG reports healthcare as being the largest segment of losses due to cyber threats including the cost of remediation, HIPPA fines, and lawsuits. Given the impact to healthcare organizations, we want to explore the growth of these sophisticated threats to this industry in coming weeks.

Some key initiatives that readers should be aware of, the National Health ISAC (NH-ISAC), the nationally recognized Cybersecurity Information Sharing and Analysis Center for the nation's health sector and the Center for Internet Security (CIS) have announced a new initiative to support protection of Internet-enabled medical devices from cybersecurity attacks. Also, the National Healthcare & Public Health Cybersecurity Alert Level has been evaluated and is set to Orange (High) due to ongoing reports of vulnerabilities in a variety of software products, reports of denial service attacks impacting both the public and private sectors, and a recent threat to law enforcement data bases.

Cyber protection for Healthcare is a must.  Stay tuned here to catch the latest news on how the industry is addressing this market segment.

Useful links:




Suzanne Yaeger is Director of Marketing at ISC8 and holds an MBA in Healthcare Management. Suzanne previously held positions as Director of Product Management at Cisco(IPmobile) and Metasolv Software. Her career includes product management and software development at Alcatel, Nortel, and Texas Instruments.