On May 5, 2014 Premera Blue Cross, the third-largest health insurer in Washington state, announced today that the company was the target of a sophisticated cyber attack. This attack affected as many as 11 million patients across this great country. As a result of the malicious attack, attackers may have gained unauthorized access to names, dates of birth, Social Security numbers, mailing addresses, email addresses, phone numbers, member identification numbers, bank account information and claims and clinical information. This information may have went back as far as 2002. Not only did this attack affect many unfortunate Americans, but also the Premera Blue Cross CEO Jeff Roe. As a result of the cyberattack Premera also notified
On February, 8, 2011, Ortho Montana, PSC, a healthcare provider submitted a data breach which affected thirty seven thousand people. The type of breach described was ‘Theft’ and information was breached from Laptop. The exact description included in the web description states a laptop which had electronic unsecured protected health information was either lost or stolen. This took place when the laptop was taken to an event by a workforce member.
Anthem is a medical insurance provider that currently serves over 74 million people. On December 10, 2014, Anthem was victim to a data breach that resulted in over 37 million personal records being hacked from their servers. Fortunately, the attack was contained to only one day, but it was still enough to become one of the largest data breaches in corporate history. Shockingly, the hack wasn’t actually discovered until January 27, 2015. What lead to the discovery was when a data administrator discovered a query that was started using his own credentials (Ragan). Just over a week later - on February 4th - Anthem announced that there had been a massive data breach to the public. The breach was so severe, that even Anthem’s own CEO, Joseph Swedish, said that his personal information along with several other Anthem associates were taken during the breach.
In August 2000, Kaiser Permanente Online experienced a serious breach in security. The security breach concatenated several hundred individual e-mails containing personal patient data. As a result of the security breach, 19 members receiving private data about other members. Kaiser Permanente was made aware of the breach when two members notified the organization that they had received the concatenated e-mail messages.
Data security is used to prevent anything that is unauthorized, and it helps to protect all of the data from any corruption. Almost daily, media reports highlight the failure of health care organizations to safeguard the privacy and security of patient data, whether electronic or paper. Preventing data breaches has become more complex, and at the same time, the fines being levied against health care organizations for violating the Health Insurance, (Zamosky, 2014).# In this paper, I will discuss the security measures, how the security measures used and how well did the security measure work.
This case study will examine how Bon Secours Mary Immaculate Hospital identified a security breach in their facility and the course of action taken in an attempt to eradicate the problem. Security breaches are a major subject that must be addressed in the healthcare facility. With healthcare becoming more technology driven it is much easier to access data related to patients, specifically personal health information (PHI). Clearance is also a concern, not everyone in the healthcare facility should have access to a patient’s medical record. In order to protect PHIs, each facility must implement a policy and procedure related to internal, external, and third party security breaches. Security breaches can be detrimental to a healthcare facility and its patients, which is why breaches must be identified quickly for intervention and to minimize harmful outcomes to patients.
The Health and Human Services (HHS) settled a case with Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million for violating the Health Insurance Portability and Accountability Act (HIPAA) and security rules. There are security issues with BCBST in regard to confidentiality, integrity, availability, and privacy. There are also security requirement by HIPAA which could have prevent the security issue if it has been enforced. There are correction actions taken by BCBST which were efficient and some may have not been adequate. There are HIPAA security requirements and safeguards organization need to implement to mitigate the security risk in terms of administrative, technical, and physical safeguards.
The Target data breach remains one of the most notable breaches in history, it was the first time a CEO of a major corporation was fired due to a security event. The breach received an enormous amount of attention, it caused corporations and individuals to change the way they think about information security and data protection. Between Thanksgiving and Christmas 2013 hackers gained access to 40 million customer credit cards and personal data of 70 million Target customers. The intruders slipped in by using stolen credentials and from there gained access to vulnerable servers on Targets network to launch their attack and steal sensitive customer data from the POS cash registers. All this occurred without a response from Targets security operations center, even though security systems notified them of suspicious activity. The data was then sold on the black market for an estimated $53 million dollars. However, the cost to Target, creditors, and banks exceeded half of a billion dollars. This report will review how the infiltration occurred, what allowed the breach to occur including Targets response, and finally who was impacted by the security event.
The reality is that healthcare fraud negatively impacts everyone in the nation. "Health care identity theft dominated all other crimes in the sector last year, according to Louis Saccoccio, executive director of the National Health Care Anti-Fraud Association (NHCAA), an advocacy group whose members include insurers, law enforcement and regulatory agencies" (Kavilanz, 2010). Groups of organized criminals are hacking into the digital databases of healthcare organizations so that they can take money from the Medicare system, which means that the government is actually the sole largest victim of health care fraud, according to the FBI (Kavilanz, 2010). The scope and vastness of such crimes truly impact everyone. The money that is stolen not only undermines the integrity of the healthcare system as whole, but is taken away from organizations and individuals who truly need it to help people fight fatal diseases, to help them overcome chronic conditions, to put them back to work and reunite them with their families. Fraudulent activity not only compromises the integrity of the entire healthcare system, but takes numerous victims, impairing the healthcare system from accomplishing the full extent of their goals.
THERE WAS A CYBER ATTACK ON A A MEDICAL INSURANCE COMPANY. THE COMPANY WAS CALLED PRIMIER BLUE CROSS. THRU THE CYBER attack over 11 million customers were affected by the cyber attack. unfortunately this attacks were not discovered till January 29 and the process had started may 5th of that year.
Blue Cross Blue Shield of Michigan was a victim of identity theft and credit card fraud for over 5,000 subscribers. Angela Patton, an employee for Blue Cross Blue Shield, allegedly printed and shared profiles of customers to 10 outside sources. Some of the stolen information was used to purchase over $742,000 in merchandise at Sam’s Club by three of the perpetrators. The scheme ran from 2012 through 2014. The perpetrators were found in Texas, Ohio and Michigan; all of them actually being Detroit, Michigan residents ranging in ages of 26 to 47. According to the news release, along with the printed documents they possessed counterfeit identification cards and credit cards in the names of Blue Cross subscribers. A search warrant raid in
The department of Health and Human Services protects and guides the health and well being of individuals here in America (Thacker, 2014). They fulfill these duties providing Americans with adequate and efficient health and human services and monitoring services designed to increase the efficiency of care in the health system (Thacker, 2014). One of the services being monitored by the department of Health and Human Services is the electronic health record system, which carries private and vital information of patient’s health record enabling all eligible participating health workers access to these records (Thacker, 2014). A breach of the protective health information of patients in a health organization creates chaos as these are against the health insurance portability and accountability (HIPAA) law (Thacker, 2014). Hence, measure will have to be put in place to determine what caused the breach and how to rectify it to ensure the breach never happens again (Thacker, 2014).
Deliberately falsifying medical information with the hope of receiving greater benefits/money is an easier way to describe health care fraud. Although many believe these acts are commonly performed by individuals, healthcare providers, staff, and insurance companies are increasingly involved in these crimes as well. When looking at the effects of healthcare fraud, losing money is not the only substantial threat. According to Health Research Finding.org, patient identity theft is also on the rise due to healthcare organizations offering the lowest cyber security involving private patient information (Quiggle). Although all medical providers, insurance carriers, clearing houses, and any other organizations handling private healthcare information must abide by HIPAA security laws, the use
Health care fraud can affect everyone... including you. Certainly, only a small percentage of health care providers and consumers deliberately engage in health care fraud. However, even the smallest amount of stolen money from health care fraud can raise the cost of health care benefits for everyone noticeably. The healthcare system is a goldmine for fraudsters, scammers and organized gangs who have been stealing as much as $100 billion dollars a year. According to Louis Saccoccio executive director of the National Healthcare Anti-Fraud Association, he has stated ‘that healthcare identity theft dominated all other crimes in the sector of 2009(Medical, 1).
Privacy of health information has become an area of emphasis across the healthcare industry. It is important to understand what data is protected under federal regulations, how it can be shared, and how to prevent any accidental exposure of protected data. It is possible that data that should be protected can be exposed without anyone even realizing a violation has occurred. Exposure of protected healthcare data can result in medical identity theft and is therefore a very important and hot topic. The security and privacy of healthcare data is necessary to ensure consumer confidence in the healthcare industry and to prevent medical identity theft.
In today’s age of healthcare, health informatic innovations such as the health information exchange have allowed electronically available healthcare data, such as clinical, administrative, and financial information, to be shared within healthcare systems, hospital networks, and other healthcare settings. As organizations begin to share sensitive information across political, geographical, and institutional boundaries, there is a constant risk of patient data being compromised. Therefore, close attention must be given to confronting the specific problems resulting in an increase in healthcare data breaches, as well as determining the appropriate solutions in order for healthcare organizations to protect sensitive patient data.