Public Health Information Vulnerable to Cyber Attack

What is Public Health?

Public health departments promote and protect the health and wellbeing of the general public. The field of public health attempts to promote wellness, educate about healthy behaviors, set safety standards to protect workers, provide vaccines, track disease outbreaks, and advocate for laws supporting public health and safety. Public health includes hospitals and other medical centers that may be utilized by the general public.

Public health occupations may include nurses, physicians, social workers, epidemiologists, scientists, researchers, nutritionists, restaurant inspectors, first responders, and public policymakers.

As the field of public health is important for the wellbeing of the general public, it is important for public health providers to have access to medical data systems that function smoothly, in addition to protecting the data of patients. However, recent cyber attacks involving ransomware have begun to target these systems in an attempt to exploit public health services and demand compensation. When ransomware attacks target public health information systems, this data may be leaked or breached, leading to privacy violations for patients.

Public Health Information Leak

A public health information leak may occur when a cyber-attack takes over a public health information system, encrypting or compromising the data. These cyber-attacks are generally followed by ransom demands from the thieves responsible for crippling the public health information system. These thieves often demand tens of thousands or millions of dollars in exchange for unencrypting medical files and programs. According to a report from 2019, public health cyber attacks cost an average of $1.4 million to recover the compromised information. However, the FBI has recommended against giving in to ransomware thieves’ demands, as paying them to restore access to the information may only encourage them to continue running this scheme against other hospitals and medical centers. Although around 23 percent of healthcare organizations do pay ransoms to cybercriminals who encrypt their data or systems, some medical centers have been able to regain access to their information or restore their systems from backups, without paying ransoms.

Patient personal information that may be compromised when public health organizations are targeted by ransomware thieves may include Social Security numbers, addresses, full names, dates of birth, member ID numbers, billing information, demographic details, and medical histories. The medical information that may potentially be exposed in these breaches may include test names or test results, appointment information, health condition names, and other details pertaining to a patient’s medical file. Patients whose personal information has been exposed by medical data breaches may be at risk of experiencing financial or identity theft, or other crimes including blackmail.

What Public Health Organizations Have Been Affected?

Almost 90 percent of healthcare organizations have experienced a data breach in the past few years. Although many cyber-attacks are assessed and neutralized before patient data is actually compromised, some of these attacks do result in data breaches or information leaks.

In 2019, several large medical and public health centers were affected by data breaches. Around 7.7 million LabCorp patients may have had their personal information affected by a breach that took place from late 2018 through early 2019. Other health centers that have recently been affected by data breaches include the American Medical Collection Agency, University of Washington Medicine, Quest Diagnostics, the Oregon Department of Human Services, Columbia Surgical Specialists, UConn Health, and Navicent Health. Some of these breaches potentially affected the personal information of millions of patients. While some of these attacks were discovered quickly after the breach began, others slowly leaked information for months or years. Dental and vision insurance provider Dominion National announced in 2019 that a data breach lasting approximately nine years had exposed the information of potentially millions of patients.

How to Respond to a Public Health Information Leak

According to studies on public health and medical center information leaks, cyber-attacks against medical centers result in productivity loss, loss of revenue, and loss of reputation and consumer trust. While many health centers that have experienced information leaks have offered affected patients free services such as a year of free credit monitoring, consumers who have been affected by these breaches may also qualify to hire an experienced attorney to review their case. As the effects of having their personal information exposed may be serious for some consumers, some victims whose personal information was compromised may be able to file a class action lawsuit against the health center or information system that was affected by the breach. Victims may potentially be able to recover compensation for violations of their privacy and personal medical information.

Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation

If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.

Learn More

This article is not legal advice. It is presented
for informational purposes only.