Nearly 10% of Floridians had health records hacked by 2022, HHS reports

Nearly 10% of Floridians had health records hacked by 2022, HHS reports

TAMPA, Fla. (WFLA) — The American Hospital Association says cybersecurity risk is a major concern for healthcare organizations, largely because of the amount of information they have on file, much of which is “of high monetary and intelligence value” to cyber thieves and “nation-state actors.”

On Thursday night, Tallahassee Memorial Hospital’s online systems were put under siege and targeted in what appeared to be a ransomware attack, bringing the risk of hacked hospitals closer to home for Floridians.

While the hospital’s IT security team shut down the network to contain the attack, and in doing so shut down all non-emergency procedures, it took three days for the hospital, and its larger system, to resume normal operations.

Tallahassee Memorial is part of a larger network, Tallahassee Memorial HealthCare. The non-profit system has been in operation since 1948 and now serves 66 locations in North Florida, South Alabama and South Georgia, in 21 counties.

The February 3 IT security issue, as TMH describes it, affected IT systems, causing the system to divert emergency services and cancel outpatient and non-surgical procedures until Monday. At that time, TMH was still accepting level 1 trauma patients. The company also got in touch with the police to work on the investigation of the attempted intrusion.

Still, TMH said operations remained affected even as resumed operations expanded.

According to a February 6 publication, surgical procedures are still limited, and offices are using paper documentation for registration, admissions and filling prescriptions, advising patients to expect some delays. Some emergency room patients are still being diverted.

See also  Valorant developer Riot Games receives 'ransom email' after hack

Part of the problem with the IT security attack is how much of a hospital’s system is connected to the internet, in what is known as the Internet of Medical Things, or IoMT.

For some systems, if a hacker can get into a computer, they can get into everything from patient records to billing information, to even controlling some medical equipment used for critical healthcare.

The National Institute of Health said remote patient monitoring, screening and telehealth treatments have helped change healthcare to focus on “early diagnosis, prevention of spread, education and treatment, and ease of living in the new normal.” However, the integration creates its own challenges.

“Mass adoption appears challenging due to factors such as privacy and data security, handling large amounts of data, scalability and upgradeability, etc.,” the NIH reported, adding later in the study that “several challenges and implications exist today that must be addressed before mass adoption of IOMT, such as privacy and data security, data management, scalability and upgradeability, regulations, interoperability and cost-effectiveness.”

Data security and privacy remain a challenge due to the “large volume of sensitive health data” for patients, as well as its integration into patient monitoring and system management, according to the NIH.

Wipro, a technology services and consulting company, said IoMT devices can range from defibrillators to patient monitors to oxygen pumps and nebulizers. They said “implementation of appropriate security measures is critical” to ensure patient data security.

However, researchers say security breaches can also lead to loss of life in the healthcare sector.

See also  The Cold Mirage Side Job Guide

“Since most IoT devices were not developed with security in mind, they are highly vulnerable to security breaches. And you can imagine that such compromised security could lead to untold chaos and loss of life, especially in the healthcare sector,” according to Richard van Hooijdonk, a self-described futurist and technological implant advocate. “The proliferation of IoMT devices and their lack of security, combined with ubiquitous Internet connectivity, the scope for attack expands significantly, making healthcare one of the most ‘popular’ targets for cybercriminals.”

Bringing us back to Tallahassee, a TMH spokeswoman said in part on Tuesday that its staff was working with “outside experts and state and federal agencies to investigate the cause of the incident and safely restore all computer systems as quickly as possible.”

More broadly focused on Florida and the rest of the country, Jotform did an analysis of the United States, focused on ranking them by health record hacking.

According to the analysis, created by gathering information from the US Department of Health and Human Services, the US Census Bureau, and a data security report by IBM, Florida is among the 10 states most at risk of health information breaches.

Jotform reported that while record breaches are sometimes due to mismanagement by healthcare professionals, the majority were “overwhelmingly” breaches from hacking incidents. 80% of record breaks in 2022 came from hacks.

Florida had the seventh highest number of reported records affected, and highest estimated costs, of all 50 states due to hacking of medical and health records, according to the Jotform ranking.

See also  The best games like Diablo on PS4 - GameSpew
Rank State Individual records affected Estimated costs
1 Texas 4,957,050 738.6 million dollars
2 Wisconsin 4,498,306 670.25 million dollars
3 Pennsylvania 3,063,706 456.49 million dollars
4 Massachusetts 2,458,139 366.26 million dollars
5 Colorado 2,435,269 362.86 million dollars
6 New York 2,374,743 353.84 million dollars
7 Florida 2,254,815 $335.97 million
8 California 2,002,177 298.32 million dollars
9 Michigan 1,925,438 $286.89 million
10 Illinois 1,833,579 273.2 million dollars
(Source: Jotform)

According to federal records, 1.8 million Floridians were affected in 2022, including in parts of Tampa Bay.

Covered unit State Device type Persons affected Break date Type of breach
Ravkoo FL Health personnel 105,000 01/03/2022 Hacking/IT incident
South Walton Fire District FL Health personnel 25,331 15/11/2022 Hacking/IT incident
OCEANVIEWS OPTICAL INC FL Health personnel 2000 03.11.2022 Hacking/IT incident
Seredor Centers, Inc. FL Health personnel 2500 08.10.2022 Hacking/IT incident
Landmark Management Services FL Health personnel 501 15/09/2022 Hacking/IT incident
Synergic Healthcare Solutions, LLC d/b/a Fast Track Urgent Care Center FL Health personnel 258,411 07.12.2022 Hacking/IT incident
First Steps in Sarasota, Inc. FL Health personnel 1,858 25/02/2022 Hacking/IT incident
Jacksonville Spine Center, PA FL Health personnel 38,000 10/02/2022 Hacking/IT incident
North Broward Hospital District d/b/a Broward Health (“Broward Health”) FL Health personnel 1,351,431 01/02/2022 Hacking/IT incident
Foundcare, Inc. FL Health personnel 14,194 16/12/2022 Hacking/IT incident
Orlando Health FL Health personnel 3,662 18.11.2022 Hacking/IT incident
Phoenix Programs of Florida, Inc. FL Health personnel 6,594 21/10/2022 Hacking/IT incident
Bonita Springs Retirement Village, Inc. FL Health personnel 554 19/09/2022 Hacking/IT incident
Florida Springs Surgery Center FL Health personnel 2.203 08.01.2022 Hacking/IT incident
Total 1,812,239
(Source: US Dept. of Health and Human Services)

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *