“ATTENTION!!! This is to inform you that Memorial Hospital and Manor is experiencing a ransomware incident. This impacts access to our Electronic Health Record system. While we believe this issue will not impact either the level or the quality of care we provide to our patients, we want to be fully transparent regarding this situation.” — Memorial Hospital and Manor (Bainbridge, Georgia), Nov. 3, 2024.
Americans rightfully expect reasonable privacy, especially when it comes to personal information, including the status of our own health. No one should be able to access our personal data without our express written consent. But with the new age of information technology, this goal is becoming harder and harder to achieve. Even in rural Bainbridge.
And it is happening all over, not just in Bainbridge. Unfortunately, your personal health information might have already been stolen. For example, a recent hack of Connecticut based Community Health Center Inc. ended up with over a million patients getting their data released, including — “Patient Names, Dates of Birth, Contact Information, Social Security Numbers, Medical Diagnoses, Treatment Details, Test Results, and Health Insurance Details.” This massive data release happened, despite the fact that “We stopped the criminal hacker’s access within hours,” said Community Health CEO Mark Masselli.
Plus, the health information crisis is clearly getting worse, rather than better.
“In H1, 2024, 387 data breaches of 500 or more records were reported to OCR.” The Department of Health and Human Services Office for Civil Rights is the federal agency responsible for the enforcement of HIPAA privacy and security rules. This figure “represents an 8.4% increase from … 2023, and a 9.3% increase from … 2022.″
Further, 2022 was bad enough with 51.9 million records “exposed, stolen, or otherwise impermissibly disclosed.” But, 168 million records were breached in 2023, an increase of over 300%.
A recently released report indicated that 84% of health care organizations experienced a data breach in 2024. Further, more than two-thirds of these entities have had breaches resulting in negative “financial consequences.” Almost 1 in 5 have had lawsuits filed as a result of these breaches.
Most of the readers of this column have been plagued by increasingly common phishing incidents, including both intentionally misleading emails and texts attempting to get someone to provide personal information. Therefore, assume the worse — that the bad guys are diligently trying to access your data and will … unless you are proactive. So, protect yourself the best you can.
But what exactly can the common person do to protect him or her self? Here are six common sense recommendations:
- Utilize unique, strong passwords. Keep them written down on paper, securely hidden — never on any electronic device.
- Passwords should contain random numbers, symbols, uppercase and lowercase letters arranged in a ridiculous manner. No pattern of any sort. So random that even you cannot remember them without looking at your paper password list.
- Never use the same password twice or master passwords. They can possibly be hacked.
- Use multifactor authentication. A code that will expire within 10 minutes will be texted to your phone.
- Check your financial accounts for unusual activity. Check frequently and regularly. And immediately contact financial institutions if irregularities of any sort are discovered.
Freeze your credit with the three major credit bureaus.
You can briefly unfreeze your credit if you need to apply for a credit card or a loan. The three major credit bureaus are Equifax (1-800-685-1111); Experian (1-888-397-3742); and TransUnion (1-888-909-8872).
The long-term solution to this increasingly disastrous problem is not readily evident. However, much more must be done by both our federal government and our health care organizations to protect sensitive personal health care information. Stronger regulatory measures must be a priority for the new administration. And health care organizations must be put on notice that the current level of data breaches is simply unacceptable to their patients/customers and to U.S. society.
Credit: Ben Backus/contributed
Credit: Ben Backus/contributed
Credit: Courtesy Photo
Credit: Courtesy Photo
Jack Bernard, a retired business executive and former chair of the Jasper County Commission and Republican Party, was the first director of health planning for Georgia.
Dr. Ben Backus is a retired military aviator and corporate educator. Jack Bernard is a former corporate SVP and was the first Director of Health Planning for Georgia. He is currently Chair of the Fayette County Board of Health and is on the Executive Committee of the Georgia Public Health Association.
About the Author
Keep Reading
The Latest
Featured
