March 01, 2016


Courtesy of Fox News and the Financial Times

A string of cyberattacks sent shockwaves through the health care industry in 2015, exposing sensitive data of millions of Americans and serving up the chilling reminder that providers need to step up their security game.

Hackers accessed more than 100 million health records in 2015, according to data from the Department of Health and Human Services.

Eight of the 10 largest health care provider hacks also took place this year, HHS confirmed Wednesday.

The figures were initially reported by the Financial Times and other outlets. The biggest breach of the year involved Anthem, where a staggering 78.8 million customers had their personal information compromised in March.

That same month, 11 million Premera Blue Cross customers were hit when hackers gained access to their personal information, which included bank accounts, clinical data and Social Security numbers, the company said.

Excellus Health Plan revealed in August that a nearly two-year-old attack on its network left 10 million of its customers at risk.

Though 2015 is on record as the year of the biggest health care breaches – 55 recorded ones and counting – there may be even more bad news on the way for health care providers. 

Companies are required by privacy laws to protect personal data. A violation could land them in hot water with state insurance regulators and attorneys general.

“For a lot of them it is often less of a priority than it should be,” Deven McGraw, director for health information privacy at the HHS’s Office of Civil Rights, told Financial Times. “We’re seeing some pretty consistent areas of non-compliance across the board.”

This year, the cyber threat evolved with the emergence of hack attacks that investigators say can be traced back to China.

“We know of multiple threat groups operating out of China that have engaged in attacks in the health care industry,” Charles Carmakal, an investigator with Mandiant, a cybersecurity company, told Financial Times.

Mandiant counts Anthem and Premera among its clients.

“While we believe we know from an organizational perspective who they are, we can’t tell who tasked them to do it,” Carmakal said. “The big question is: are they hackers for hire and were they asked by the Chinese government to do this?”

The Chinese government has denied it is behind the attacks.