Why Cloud Hackers Could Come For Your Health Data Next

Todd Campbell | The Motley Fool | September 14, 2014

The revelation that Community Health Systems  (NYSE: CYH  )  servers were hacked, resulting in the loss of 4.5 million patient records, and that a server for the Affordable Care Act's healthcare.gov website was breached, puts the issue of healthcare privacy front and center even as industry watchers warn that health care security is far too lax..  According to Internet cloud security provider Skyhigh Networks, 90% of health care services clouds are either at medium risk or high risk of being hacked. That's worrisome news for health care organizations given that an HIMSS Analytics survey earlier this year found that 83% of health care companies use cloud services.

The Department of Health and Human Services pays bonus Medicare payments to hospitals and physician networks that use health care IT to share, track, and analyze patient information. It also cuts payments to those that fail to meet health care IT meaningful use targets.  That carrot-and-stick approach is incredibly motivating, but the cost of establishing health care IT systems remains daunting. As a result, many organizations are fulfilling their meaningful use targets by relying on third party cloud service providers that offer out-of-the-box solutions.

However, rushing to implement health care IT solutions, either through the cloud, internally, or in a hybrid combination, may be exposing providers and patients to a greater security risk. That's because recent hacker attacks suggest that health care organizations may not be investing enough money in -- and attention on -- protecting health care information.  For example, the hacker attack on Community Health Systems exploited a bug in the open source encryption software on a Juniper networking device to capture login data that was used to access patient information stored deeper within the company's network...