Healthcare security woes continue, and this time, they hit a little closer to home. Montana Department of Public Health and Human Services spokesperson Jon Ebelt announced that hackers had infiltrated the department’s server. According to the results of a forensics test, the hackers have had continuous access since July 2013. At this point, no one can say who perpetrated the hack.
According to the DPHHS website, the server may have contained the personal and “limited” clinical information of those whom the DPHHS serves, as well as bank account and Social Security numbers of department employees. The department shut down the server as soon as they noticed suspicious activity.
Although Ebelt said the department doesn’t know if the information was stolen, a cynical outlook seems best for now. “We’re assuming the worst,” Ebelt acknowledged in his statement.
Unfortunately, this is not the first time government healthcare systems and their clients have coped with security breaches. The Heartbleed bug, a major vulnerability in open source security toolkit Open SSL, made countless internet users vulnerable to cyberattack. The U.S. Department of Health and Human Services was forced to issue a warning encouraging new Obamacare enrollees to change their passwords.
Of course, major retailers have been hit as well. The infamous Target breach of December 2013 involved hackers accessing vulnerable credit card data, sparking an effort to obtain tougher credit card security. While many people agree that it’s time to upgrade the U.S.’s aged credit card system, less people have worried about the inconsistent and vulnerable ways in which governmental departments–and healthcare providers–store data. Attacks like the one on Montana’s DPHHS may change this attitude.
Most healthcare systems currently store information in a decentralized database. There are pros and cons to letting each department be responsible for its own data. Some argue that decentralized data is most secure, fearing that a single centralized system would be a giant bulls-eye for hackers. However, there are a number of advantages of having a centralized system. It would be easier to keep track of data in one place, and it would enable healthcare providers to implement consistent security measures. It would save money in the IT budget and allow the organization’s IT professionals to focus their attention on a single database.
It may be too soon to see the repercussions of the breach, but LMG Security will keep you updated as we hear more.