Accessibility Menu
 
Arrow-Thin-Down
S&P 500
6,824.66
+0.6%
+41.85
Arrow-Thin-Down
DJI
48,185.80
+0.6%
+275.88
Arrow-Thin-Down
NASDAQ
22,822.42
+0.8%
+187.42
Arrow-Thin-Down
Bitcoin
$71,936.00
+1.4%
+$977.46
Arrow-Thin-Down
AMZN
$233.26
+5.4%
+$12.01
Arrow-Thin-Down
GOOG
$316.37
+0.5%
+$1.63
Arrow-Thin-Down
META
$628.39
+2.6%
+$15.97
Arrow-Thin-Down
MSFT
$373.07
-0.3%
-$1.26
Arrow-Thin-Down
NVDA
$183.89
+1.0%
+$1.81
Arrow-Thin-Down
TSLA
$345.40
+0.6%
+$2.15
Most Active StocksDaily Stock GainersDaily Stock Losers

Why Cloud Hackers Could Come for Your Health Data Next

Hackers are exploiting the heartbleed bug as part of their increased attacks to steal private healthcare information.

By Todd Campbell Sep 14, 2014 at 3:01PM EST

Source: Community Health Systems

The revelation that Community Health Systems (CYH +1.77%) servers were hacked, resulting in the loss of 4.5 million patient records, and that a server for the Affordable Care Act's healthcare.gov website was breached, puts the issue of healthcare privacy front and center even as industry watchers warn that health care security is far too lax..

According to Internet cloud security provider Skyhigh Networks, 90% of health care services clouds are either at medium risk or high risk of being hacked. That's worrisome news for health care organizations given that an HIMSS Analytics survey earlier this year found that 83% of health care companies use cloud services.

Carts before horses?
The Department of Health and Human Services pays bonus Medicare payments to hospitals and physician networks that use health care IT to share, track, and analyze patient information. It also cuts payments to those that fail to meet health care IT meaningful use targets.

That carrot-and-stick approach is incredibly motivating, but the cost of establishing health care IT systems remains daunting. As a result, many organizations are fulfilling their meaningful use targets by relying on third party cloud service providers that offer out-of-the-box solutions.

However, rushing to implement health care IT solutions, either through the cloud, internally, or in a hybrid combination, may be exposing providers and patients to a greater security risk. That's because recent hacker attacks suggest that health care organizations may not be investing enough money in -- and attention on -- protecting health care information.

For example, the hacker attack on Community Health Systems exploited a bug in the open source encryption software on a Juniper networking device to capture login data that was used to access patient information stored deeper within the company's network.

The bug, which is known as heartbleed because it targets a repeating signal designed to maintain an open connection between servers and computers, was discovered in April. Yet the attacks on Community Health appear to have occurred a week after heartbleed was discovered and again in June. The timing of those attacks raises important questions regarding how quickly organizations are responding to security threats and whether or not health care organizations and their cloud services companies are adequately staffed to respond to ever-evolving attacks. 

Source: Athenahealth 

Complicating the problem
Securing patient private data is arguably more challenging than protecting credit card data or access to customer checking accounts. That's because healthcare companies are trying to build a share-friendly ecosystem, rather than a closed-loop that is walled off from outsiders.

The goal of free-flowing healthcare information lends itself nicely to cloud providers, who can market services as a less costly way to exchange patient information between providers, payers, and patients.

By busting open metal file cabinets and sharing healthcare data seamlessly between primary care doctors, specialists, and surgeons, healthcare providers can build a far more robust system for monitoring patient health, analyzing treatment outcome, and avoiding medical mistakes.

Healthcare IT is also having a big impact on improving healthcare provider workflow. Cloud based solutions are integrating patient information with scheduling and billing, which allows providers to benefit from fewer missed appointments and faster payments.

Those advantages mean that despite the security risks, healthcare providers are likely to continue to embrace cloud-based healthcare IT. According to the HIMSS Analystics study, 43% of healthcare organizations have turned to the cloud to host clinical applications and data. That suggests that hackers have plenty of incentive to target cloud based systems. 

Fool-worthy final thoughts
Securing electronic records either locally or in the cloud will remain challenging and important, but that doesn't mean that the healthcare sector should ditch the use of servers and return to their paper and pen days. The potential for increasingly real-time patient care is far too promising to abandon. As a result, providers will continue to adopt systems that allow for greater, rather than less, communication between people and medical equipment. That likely means that cost saving and convenient cloud-based services will remain both a go-to solution and a major target of hacker attacks. Whether security can keep up with that quickened pace of adoption of healthcare IT is unknown, but it's unlikely this is the last we've heard about hacking health care.

Read Next

About the Author

Todd Campbell
Mr. Campbell has been providing alpha generating independent equity research to professional money managers for nearly 15 years. In 2003, Mr. Campbell founded E.B. Capital Markets, LLC, an independent research firm serving professional money management firms. Mr. Campbell founded Gundalow Advisors, LLC, a State Registered Investment Advisor providing investment management services to institutions and high net worth clients in 2013. Today, some of the largest money management firms in the country trust the proprietary research developed by Mr. Campbell, including the Power 7 methodology featured in Mr. Campbell's book "Your Guide to Better Stock Picks: Tips from an Advisor's Advisor". Prior to founding E.B. Capital Markets, LLC, Mr. Campbell was Vice President and Partner of Alpha Equity Research, an independent equity research firm. At Alpha Equity Research, Mr. Campbell's responsibilities included institutional sales and client services. Mr. Campbell also developed new research and distribution products. Additionally, Mr. Campbell was responsible for Alpha’s individual brokerage business, providing investment services to high net worth families. In the past decade, Mr. Campbell’s articles have been featured in the Market Technician’s Association trade journal and his insights have been featured in various print and online financial publications, including Barron’s & SmartMoney. Mr. Campbell has also appeared on the financial news network, CNN/fn. Mr. Campbell is a graduate of the University of New Hampshire, where he studied English, Psychology and Business Administration with a focus on economics.
XMFEBCapital
X@ebcapital

Todd Campbell has no position in any stocks mentioned. Todd owns E.B. Capital Markets, LLC. E.B. Capital's clients may or may not have positions in the companies mentioned. Todd owns Gundalow Advisors, LLC. Gundalow's clients do not have positions in the companies mentioned. The Motley Fool has no position in any of the stocks mentioned. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

Stocks Mentioned

Community Health Systems Stock Quote
Community Health Systems
NYSE: CYH
$3.16
(+1.77%)+$0.06

*Average returns of all recommendations since inception. Cost basis and return based on previous market day close.

Premium Investing Services

Invest better with The Motley Fool. Get stock recommendations, portfolio guidance, and more from The Motley Fool's premium services.

View Premium Services