Hospitals prescribe more data security

Local hospitals are boosting their health data security as medical records move from paper files to online databases — a trend that’s attracting hackers to an industry previously undisturbed by breaches.

“Historically, health care organizations have in­vested less in security than other industries,” said Dr. John Halamka, chief information officer at Beth Israel Deaconess Medical Center. “However, over the past few years, the visibility of major breaches, increased enforcement and escalating threats have led boards to focus on increasing security protections.”

Premera Blue Cross announced Tuesday that data belonging to 11 million people could have been exposed in a security breach discovered Jan. 29 — the same day Anthem uncovered a breach that affected about 1 million Bay Staters.

Beth Israel has added 14 IT security-related hires and $3 million in funding over the past two years, more than doubling its security budget and staff, Halamka said.

Hospitals are scrambling to adopt electronic health record systems to comply with the Affordable Care Act, which mandates that doctors who see Medicare patients move patient information online or see reimbursement rates slashed.

The digital systems are still in a “growth stage,” making them gold mines for hackers looking to access heaps of personal information, said Tad Oelstrom, director of the National Security Program at Harvard University’s John F. Kennedy School of Government.

“The health industry and the pressures that have been on it to digitize rec­ords has been very strong, and with this pressure they are attempting to do a very, very complex task,” Oelstrom said. “The more complex, the easier it is for folks who want to get into the system.”