Hackers hit health companies, insurers with increasing regularity – Indianapolis Business Journal

Of all the industries in the country, health care might be the juiciest for cyberhackers. And around central Indiana, institutions large and small are paying the price.

In the past few years, some of the region’s largest health care players—including Indiana University Health, Eskenazi Health and Elevance Health (formerly Anthem Inc.)—have seen patient or customer information compromised by hackers.

So have some of the area’s smaller hospitals, including Hancock Health and Johnson Memorial.

Hospitals, health insurers and medical clinics are loaded with patient and employee data that can be mined for identity and medical theft. Hackers can shut down computer systems for days or weeks, holding hospitals hostage until ransom is paid.

One of the latest attacks became public last month when the Maine Attorney General’s Office disclosed that a software vendor to Indiana University Health and nine other U.S. health systems was attacked.

The vendor, MCG Health, told authorities an “unauthorized party” obtained names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, birthdates and gender information for 1.1 million patients of about 10 hospital clients.

IU Health, the largest hospital system in Indiana, said it notified 60,000 patients about the breach, but declined to reveal details or answer further questions.

“Because this is MCG’s data breach, we recommend you contact them for information. They would have specific details relating to the breach,” IU Health said in a brief statement.

MCG, based in Seattle, did not respond to emails and phone calls from IBJ. Multiple class action lawsuits have been filed against the software company, a subsidiary of Hearst Health, in a federal district court in Washington state. The lawsuits allege negligence, invasion of privacy, breach of confidence and violations of consumer protection laws. IU Health and the other hospital systems were not named as defendants.

Nationally, cybersecurity breaches in the health care sector hit an all-time high in 2021, with nearly half of all hospitals in the country reporting an attack, according to a report from cybersecurity…