• HS - Medical ID Theft

    By Robert Tedeschi 
    School of Health Sciences Facutly

    Medical identity theft is becoming a concern in the health care industry. The demand by providers to gain access to electronic health records and/or health portals has allowed hackers new avenues and markets to target. 

    Earlier this year, Hollywood Presbyterian Medical Center was forced to pay a 40-bitcoin ransom (the equivalent of approximately $17,000) after a hacker seized control of the hospital’s computer system.  The incident encountered at Hollywood Presbyterian is not unique since numerous government and civilian businesses are encountering the same problem but are not dealing with life-threatening consequences. The major difference is that medical information must be accessible 24/7 and interrupting the access can cause serious problems.  

    Managing medical computer centers has become a funding controversy and HIPAA has just begun to develop criteria and procedures to address the problem—which may be too late. The HIPAA privacy regulations require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. 

    As the Director of Naval Hospital Computer Center, I’ve had to implement procedures to reduce exposure to hackers. I’ve found the best procedure employed was maintaining viable backups and journals of all activities for tracking intruders. I created a positon in the computer center for overseeing all activities and employed the same procedure used by the IRS for assigning access.

    Payment of ransom for the hackers to release control of the information is not right. Hackers may be within the organization or outside the organization but all procedures must be maintained and assured that offsite computers are available at a moment’s notice to provide basic medical access to only key personnel for restoring services.

    In the event of a breach, the first task is to regain control of a viable computer platform for providing basic services and then rebuild the in-house platform.  The next step is to isolate all accounts and begin retrieving accounts for locating the hackers.

    Prevention Tips

    HIPAA has created a very comprehensive checklist to assist computer centers in drastically reducing exposure by hackers. Creating extensive procedures and maintaining current firewalls/malicious software will control all traffic as well as assigning individual(s) for overseeing security operations.  

    Actions taken to reduce the theft in medical centers include:

    • Use a firewall: control all traffic through the network and certify all participates. 
    • Secure network: assigning a security individual for maintaining the accounts and certify all users. 
    • Security software: install different types of security software/encryption tools that someone is overseeing and can be shared with administration for elevating any problems.  
    • User account/password: active procedures and certification maintained for assigning access to the users. 
    • Create a viable backup computer platform: key users must have access to the offsite platform in the event that the main platform fails.  


    Robert Tedeschi is a faculty member at Kaplan University. The views expressed in this article are solely those of the author and do not represent the view of Kaplan University. 

  • Related Articles

      • HS - Electronic Records Thumb

        Electronic Medical Records and the Future

        Read More
      • HS - Nontraditional NS

        Inspiration From a Nontraditional Student

        Read More


    Did you find this article interesting? If so, share it!



    And if you are considering pursuing a health sciences degree, we invite you to find out more about Kaplan University's School of Health Sciences and explore our undergraduate and graduate degree offerings.

Request Information

  • (optional)
  • Step 1 of 2

Health Sciences


  • Transfer Credit
  • Paying For School
  • Kaplan Commitment