ROCHESTER — High Bit Security in Rochester said its recent penetration tests of an unnamed Midwestern health care center dramatically illustrates the ease with which hackers can obtain so-called “Protected Health Information.”
“When High Bit Security tested the medical facility, we obtained access to patient medical records, including name, address, next of kin, social security numbers, medical history, driver’s license numbers, all Medicare, Medicaid, and insurance information, plus the physician’s signatures and narcotics ID,” said High Bit Security COO Adam Goslin. “Obviously we would not disclose the name of the facility, but the administrator advised us that they had 20,000 patient records in their system at the time the test was performed. That translates to one million dollars in overall revenue to the hacker, and potentially 40 million dollars in costs to the system — in fraudulent claims and fake prescriptions, sometimes taking months to catch. It’s easy to see why even a small doctor office presents a juicy target. It is well known in the hacking community the value of certain types of information, traded in a classic underground economy.”
Small wonder that the government is stepping in and demanding that medical facilities secure their information, High Bit officials said.
“The Department of Health and Human Services now levies fines under HIPAA for facilities that are breached, and forgiveness for non-compliance is a thing of the past,” said High Bit Security’s chief business development officer, Barbara Goushaw. “In spite of this, many doctors and clinics are hoping to stay under the radar of both criminals and the government. It’s time to recognize that cyber-theft plays a role in the high cost of health care, and one that is steadily increasing. “
The complete case study can be reviewed at www.HighBitSecurity.com. The study details the testing results of the engagement, while keeping the client anonymous.
“Thankfully, this medical facility took their responsibility seriously; in spite of the fact they thought they were secure,” Goslin said. “Their EMR provider — a large, national provider — was providing their day to day IT support, and told them not to worry about it. Since the medical facility wanted to be sure, they hired High Bit Security to do both an external and internal penetration test. The chief physician was very disturbed at the magnitude of the issues identified once they received their final report; however was very glad their security stance was assessed so they were aware of the security vulnerabilities, and the fact that the detailed High Bit Security reporting allowed for swift remediation.”
High Bit Security is a national security services provider, providing penetration testing solutions to clients who need to protect sensitive data in industries such as health care, credit card, financial, or companies that otherwise store intellectual property or personally identifiable information. High Bit Security also provides security consulting services to clients to assist them with their compliance objectives across PCI-DSS, PA-DSS, HIPAA or SSAE-16, or which simply wish to perform a security best practices audit of their organization. Contact High Bit Security today for a free consultation to take steps toward protecting your sensitive information.