We all know about the Anthem Healthcare breach of millions of patient records. That’s been followed by an announcement by Premera Blue Cross that they’ve had 11 million records breached as well. Plus, I’m sure we’re just at the start of healthcare data breaches that are going to occur.
What’s astonishing to me is that many seem to be playing this up as a new thing. I remember about 15 years ago when I was in college and a guy I knew told stories about hacking through an entire hospital system. In fact, he casually made the comment, “You don’t want to hack the government cause they’ll come after you, but hospitals and universities you can easily hack and nothing will happen.”
This story illustrates two points. First, breaches of healthcare organizations have been happening for a long time. This isn’t something new. Second, we’re just now starting to put in place the technology that will detect breaches. That’s a good thing. In fact, in some ways we should applaud the fact that we actually know these breaches are happening now. I’m certain that many of these breaches happened before and we just never knew about them because you don’t have to report a breach you don’t know about.
Now that we know about these breaches, will that spur action? I think it will in some organizations. It certainly won’t be a bad thing for security and privacy, unless we’ve become so callous to the breaches (like the title of this post suggests) that we stop caring about breaches because “they’re bound to happen.”
I hope that this post doesn’t encourage apathy on the part of healthcare organizations’ security and privacy. I assure you that no hospital wants to go through a breach of healthcare data. While it’s impossible to guarantee it won’t happen, a sincere effort to create a culture of compliance in your hospital can go a long way to preventing many breaches.
As my college hacker friend told me many years ago, “You can never make something 100% secure, but you can make it hard enough for someone to hack that it’s not worth their time.” If it’s not worth their time, they’ll usually move on to someone easier.