HIMSS15: Cybersecurity must be faced by industry head on

Less than a quarter of the way through 2015, tens of millions of healthcare consumers already have seen their personal information compromised--the most notable hacks so far being on health insurance providers Anthem and Premera.

The Anthem attack, announced in February, sent the industry reeling, with the unencrypted information of more than 78 million individuals compromised after hackers broke into a database.

Weeks later, it was revealed that at Premera Blue Cross, hackers gained access to the personal information of 11 million customers. The attack initially occurred May 5, 2014, but it was not detected by the Mountlake Terrace, Washington-based insurer until Jan. 29 of this year, Premera said on a website it set up to inform members about the incident.

Many in healthcare have said threats have to be taken seriously from the top all the way down--from the C-suite to the workforce.

"The C-suite must care, the workforce must be aware. This is a very simple recipe, and if you follow this recipe, it will be tremendous improvement on protecting privacy and data security," Daniel Solove, the John Marshall Harlan Research Professor of Law at the George Washington University Law School said during the HIPAA Summit in the District of Columbia last month. "Data protection must be felt in the bones of an organization, it must be part of the organization's culture. It can't be something that's an afterthought or tacked on."

With all the trouble these kinds of breaches and attacks are causing healthcare organizations, it's no surprise that the Healthcare Information and Management Systems Society's conference in Chicago next week will be chock full of panels and events on the growing issue.

Educational sessions will address cybersecurity aspects that include upcoming HIPAA audits (though no date has been announced for when those will begin), data security and enforcement trends, and how to protect patients by staying ahead of such threats.