Whether or not you support the growing use of Electronic Health Records (EHR) to help physicians and patients manage health records including, diagnosis, treatments, and provider communications, there is no doubt that the use of electronic health records and apps are reshaping how healthcare professionals do their jobs. These systems are connecting doctors with their patients in new and expanded ways. But that connection comes with greater risks of inadvertently exposing patients’ records to the world.
Healthcare providers and systems are being hit with cyberattacks at a growing rate, which impact millions of patients.
In 2024, the U.S. healthcare sector experienced several significant data breaches, compromising the personal and medical information of millions. Notable incidents include:
United Healthcare Breach (February 2024): According to the HIPPA Journal, in February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a ransomware attack attributed to the BlackCat (ALPHV) group. The breach exposed data of over 100 million individuals, including health insurance details, medical records, and Social Security numbers. UnitedHealth reportedly paid a $22 million ransom to mitigate the impact.*
Ascension Health System Breach (May 2024): Ascension, a prominent U.S. hospital operator, experienced a ransomware attack affecting nearly 5.6 million individuals. Compromised data included patient records, lab tests, and insurance information. The cybercriminals responsible were not identified, and the incident caused significant disruptions to clinical operations.**
Texas Tech Health Sciences Center Breach (September 2024): In exas Tech Health Sciences Center’s facilities in Lubbock and El Paso were targeted by hackers, potentially impacting over 1.4 million patients. Compromised data encompassed personal identifiers, financial details, and medical records. The Interlock ransomware group is suspected to be behind the attack.***
These incidents highlight the healthcare sector’s vulnerability to cyber threats and underscore the urgent need for enhanced cybersecurity measures to protect sensitive patient information.
Ever received a notice that your healthcare equipment is at or near the end of its life?
- Computer Components
- Electrocardiogram machines
- Printers
- EKG monitors
- Imaging equipment (e.g., X-ray, CT Scanners, MRI)
- Cellphones
- Tablets
- Phone systems
A certified eWaste disposal facility is a proven partner with healthcare facilities and equipment disposal.
A recycler that is compliant with or certified in R2 processes for recycling eWaste knows the steps required to keep PII inside a healthcare facility, and not resting in recycled equipment that could wind up in an auction [LINK to Morgan Stanley blog]. There is also the opportunity for additional transparency in the process when dealing with an experienced eWaste recycler.
Safe and effective eWaste recycling has an impact on the protection of personal information. It is also an important component of the financial industry, as well as other industries, but nowhere is it more important (and more regulated) than in the healthcare industry. For these reasons, Healthcare facilities, from doctors’ offices to hospitals that employ EHR and EMR technology must plan for equipment end-of-life recycling. It is a task that cannot be left up to chance.
Mayer Alloys Corporation, is an R2 Compliant Recycler, providing peace of mind that you are disposing of your organization’s electronic waste safely and responsibly. All electronic waste is recycled in an R2 Certified facility. All hard drives are destroyed, and Certificates of Destruction are provided.
For more information about electronic recycling check out our Ultimate Guide To Corporate Electronic Recycling and reach out to sales@mayeralloys.com for more information. Contact us today to find a solution to your eWaste recycling needs!
Sources:
*Reuters. “Hack at UnitedHealth’s Tech Unit Impacted 100 Mln People, US Health Dept Says.” Reuters, 24 Oct. 2024, www.reuters.com/technology/cybersecurity/hack-unitedhealths-tech-unit-impacted-100-mln-people-2024-10-24/. Accessed 27 Oct. 2024.
**“Ascension Ransomware Attack: Initial Access Vector and Data Theft Confirmed.” The HIPAA Journal, 2024, www.hipaajournal.com/ascension-cyberattack-2024/.
***“Texas Tech University Health Sciences Center Ransomware Attack Affects 1.46 Million Patients.” The HIPAA Journal, 17 Dec. 2024, www.hipaajournal.com/texas-tech-university-health-sciences-center-ransomware-data-breach/.