Requirements under provisions of the Affordable Care Act, a.k.a. Obamacare, may have jeapordized the privacy of thousands of patients when cyber criminals hacked into the computer system of a major hospital system in Washington DC last week. MedStar Health Inc. was forced to revert to old-fashioned paper records when the health provide went offline. Officials confirmed that a computer virus had crippled the chain’s operations in the metropolitan Washington area at hospitals and careproviders. Patients were thus unable to schedule appointments and medical personnel were locked out of their email accounts.
According to the Citizen’s Council for Health Freedom – a watch-dog organization that advocates patients’ rights – that medical ID theft is a growing problem throughout the country. The push towards a National Medical Records System has created an increasingly more inviting target for hackers. Computer viruses known as “ransomware” can compel heatlh providers and others to pay extortion money in order to return their computer systems to normal operations.
This was the case in March, when a Los Angeles hospital paid out $17,000 to cyber criminals to regain control of its computer system. Other security breaches include the targeting of Anthem, the 2nd-largest health insurer in the U.S., and Premera Blue Cross of Washington State. Hackers gained the records of 80 million customers at Anthem, and 11 million at Premera. The criminals obtained access to claims data, clinical records, banking account numbers, Social Security numbers, birth dates and other personal information.
Computer security at hospitals is poor, according to experts. Also, there is growing concern that medical devices such as pace-makers, respirators and bedside monitors are also vulnerable to hacks.
The rise in cyber attacks has been in tandem with the shift to electronic health records (EHRs), which has been underwritten by Obamacare. EHRs purportedly have benefits for physicians and patients alike. They are easier to track than paper, and allow health providers instantaneous access. They offer databases that improve diagnosis, treatment, and management of diseases such as diabetes, cancer, and heart problems.
The MedStar case shows that there is a negative side to the Obamacare directives regarding EHRs. These electronic records invite attacks by cyber criminals that can expose patients to the stripping of their bank accounts, identity theft, and exposure of private information. Twila Brase of the Citzen’s Council for Health Freedom said that the records are a very valuable target for criminals who seek to profit from medical and financial information.
The Medical Identity Fraud Alliance estimates that 2.3 million Americans are hit annually by security breaches. Damages ranged to as much as $20 billion a year. Victims have suffered in their credit scores, some lost their health insurance, and others paid an average of $13,500 to resolve the crime, according to MIFA.
Steps to reduce the risk
* Don’t give personal information to friends or family members.
* Check your credit reports for unpaid bills. Every person is entitled to one free copy of a credit report each year from each of the three principal reporting bureaus. See AnnualCreditReports.com
* Check with your health insurance and medical providers for an "accounting of disclosures": this is a list of those who have received your records and what information was received.
* Be wary of scams. For example, be skeptical of anyone claiming to represent a healthcare company offering allegedly free services or at heavily discounted rates.
Protect health records as well as bank and credit care information.
* Ask your health providers to see your medical records. Check for errors.
* Read your providers’ explanation-of-benefits statements and check for fraudulent charges.
* If you know that you have been hacked, report immediately to the police, federal and state authorities, your health insurance provider and your physicians.