Is Your Patient Information at Risk


If you have ever watched Bruce Willis in the Die Hard movie series, you’ve seen the ‘bad guys’ hack into a national computer system and threaten to shut down the entire country in return for millions of dollars. That scenario is no longer just in the movies. Recently, Hollywood Presbyterian Hospital experienced a cyber attack where hospital staff were locked out of their computer system. For a week, physicians and staff had to use pen, paper and fax machines to treat patients. Initially it was reported that the hackers demanded the equivalent of over $3.5 million, yet Hollywood Presbyterian paid around $17,000 before involving law enforcement.

That attack was made public, but there have been others including some regional police departments. Experts agree, cybercriminals will not stop. Hospitals and large practices may shore up their security systems, but others will continue to put patient information at risk. Social security numbers, patient legal names and credit card information on file could all be stolen.

Is your practice at risk? With the introduction of Meaningful Use, CMS has required that practices conduct a security risk analysis and address the practice’s issues. While hackers may not initially look at a smaller practice, the risks are there. Is your staff trained not to open suspicious email or click on links which could infect your system with malware or the ransomware that infected Hollywood Presbyterian? You may not have to be targeted, but an attack could happen.

HIPAA Security Risk Analysis is the number one reason practices are issued an audit from CMS. They have announced that their auditing group will issue letters to approximately 5% of all practices that attest for Meaningful Use. Figures are showing that nearly 25% of practices fail that specific audit because information is not protected or supporting documentation from the risk analysis is not available.

CMS has created a tipsheet to help practices understand how they can mitigate risk. The tipsheet is not a comprehensive list, but IntrinsiQ Specialty Solutions can help investigate a practice’s risk.