Our wired world unavoidably puts our personal information at potential risk. The points of vulnerability are many: Our home computers. Banks and credit unions. Online retailers. Government agencies.
And medical facilities.
Indeed, the health care sector has been regularly a target of hackers across the country. Nebraska has had several examples. Malware, brought in by a third-party vendor’s device, struck a CHI Health location in 2019. The year before, a hacker accessed patient information at Boys Town National Research Hospital.
Last week, Nebraska Medicine became the latest health care facility targeted in our state for cyberattack. The assault — described as a “significant information technology system downtime event” — led the hospital to postpone patient appointments, with staff resorting to old-style charting of medical information.
Nebraska Medicine has since regained its footing in terms of service delivery.
“People have done a yeoman’s job in making sure we deliver good patient care,” the hospital’s CEO, Dr. James Linder, told The World-Herald. Nebraska Medicine kept its emergency rooms open and didn’t need to divert patients to other hospitals.
The hospital’s information system retains patients’ electronic medical records.
But as of this writing, Nebraska Medicine has not answered this central question: Did the hacking attack access patients’ medical or financial information?
It’s imperative that the hospital demonstrate respect for its patients by promptly letting them know whether that information was put at risk during the cyberattack.
Any institution has an obligation to provide transparency in its operations, and that’s absolutely the case when a medical facility’s electronic records suffer an intrusion by hackers.
Last year, Boys Town National Research Hospital agree to a settlement to resolve a class-action lawsuit over the cyberattack it had suffered. In 2018, insurer Anthem Inc. agreed to pay the federal government $16 million to settle potential privacy violations.
Nebraska Medicine is a respected Omaha institution that contributes greatly to our area’s quality of life. The hospital’s community obligations include informing patients in the wake of a cyberassault. Keeping patients in the dark in this matter ill serves the public. It’s time for Nebraska Medicine to embrace responsible transparency.