California’s health care industry is a data-security laggard, failing to sufficiently protect sensitive information stored on lost or stolen laptops, smartphones and flash drives, according to state Attorney General Kamala Harris.
It’s not just personal records. Hackers have begun threatening the basic day-to-day functioning of hospitals and other health care facilities, made vivid by the Feb. 5 ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles.
In that attack, hackers encrypted critical files on the center’s computer system and demanded $17,000 in ransom for the digital key to make them readable again.
In a controversial move, the hospital sent the unidentified hackers the money in a digital currency known as Bitcoin — tough, if not impossible, to trace. Critics said paying the ransom would only invite more attacks, but hospital executives, who noted employees had turned to pen and paper for record keeping, insisted they needed to get the center running again.
“Now that organizations rely increasingly on the collection and use of personal information and criminals take advantage of security weaknesses to obtain and profit from that same information, it is more important than ever that all of us redouble our efforts to ensure that this data does not end up in the wrong hands,” Harris wrote the report, which covers reported data breaches across all industries in California from 2012 to 2015.