A Station for Everyone
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

'Planet Money': Are data breaches putting patients at risk?

STEVE INSKEEP, HOST:

Computer hacking has grown easier. Good news for hackers, I guess, but it adds to the risk for your bank account, your workplace and your health records. Our colleagues at the Indicator from NPR's Planet Money asked what's going wrong. Here are Paddy Hirsch and Wailin Wong.

WAILIN WONG, BYLINE: The Identity Theft Resource Center, which tracks hacks and data theft, says health care topped the list in the U.S. last year for what they call compromises. The industry suffered 369 successful cyberattacks.

PADDY HIRSCH, BYLINE: This kind of hacking activity is happening a lot more these days and a lot more successfully. I spoke to Scott Small about this. He's director of cyberthreat intelligence at Tidal Cyber, a security company.

SCOTT SMALL: The tools for carrying them out are becoming increasingly available and increasingly easy to use for your average, run-of-the-mill hacker.

HIRSCH: No longer do you have to be a computer genius, right? Wannabe hackers can buy so-called exploit kits. These are, like, plug-and-play devices to scan a company's software for vulnerabilities. They can also use artificial intelligence that can craft highly effective phishing emails in seconds.

SMALL: There is an immense criminal ecosystem. It's a very living and thriving ecosystem that exists to support exactly this type of activity because it generates a lot of money.

HIRSCH: And the main way these criminals make their money is by breaking into a company, putting a lock on their data and their backups, freezing up their systems and saying, if you want to access your stuff and get your business back online, pay us.

WONG: And this has been happening a lot to health care companies lately. John Gunn is the CEO of Token, a cybersecurity company.

JOHN GUNN: For decades, financial institutions have been the primary targets of cybercriminals. Now health care is an attractive target because they have weaker security.

WONG: Another reason that health care companies are such a big draw is the value of the data the hackers can steal.

HIRSCH: For example, in one attack on Lehigh Valley Health Network in February of last year, photos of naked cancer patients were stolen. The hackers actually published the photos online and wouldn't take them down until the company paid up. In other attacks, hackers have used the stolen data in other ways - to sell financial information to criminals and personal information to identity thieves.

WONG: This gives the hackers potentially two bites at the same apple. They could get money from the company and from extorting individual patients or selling their records.

HIRSCH: So why aren't these healthcare companies doing more to fight back? Scott Small says they are, but it's hard to keep up in what amounts to an arms race.

SMALL: I think we take for granted how challenging it is to secure a modern enterprise, widely patch and especially just to keep an up-to-date, current inventory of all the assets and software that you might have running across your entire enterprise.

WONG: It takes time, focus and, of course, money, the kind of money that finance companies have gotten used to spending. John Gunn says he remembers hearing an interview with JPMorgan CEO Jamie Dimon a few years ago.

GUNN: And they asked - they said, wow, you spend, you know, these hundreds of millions of dollars on, you know, cybersecurity. How much will you spend next year? And his answer was simple - whatever it takes.

HIRSCH: John says that with all the pressure health care companies are under now - with patients being individually affected, the government weighing in with fines, the threat of lawsuits and the possible effect on stock prices - he expects the health care approach is due for a change. Paddy Hirsch.

WONG: Wailin Wong, NPR News.

(SOUNDBITE OF MEUTE'S "YOU AND ME") Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Wailin Wong
Wailin Wong is a long-time business and economics journalist who's reported from a Chilean mountaintop, an embalming fluid factory and lots of places in between. She is a host of The Indicator from Planet Money. Previously, she launched and co-hosted two branded podcasts for a software company and covered tech and startups for the Chicago Tribune. Wailin started her career as a correspondent for Dow Jones Newswires in Buenos Aires. In her spare time, she plays violin in one of the oldest community orchestras in the U.S.
Paddy Hirsch