
The Washington Post was quite blunt when it labeled 2015 as the year of the healthcare hack.

The newspaper reported that more than 120 million people’s health-related data has been compromised since 2009 in more than 1,100 separate breaches at organizations that handle protected data.

In the breach that drew the most attention, Anthem, the United States’ second-largest health insurer, was hacked this year, and both Premera Blue Cross and CareFirst BlueCross BlueShield recently announced that their networks and data were breached in 2014 in separate attacks.

“2015 is shaping up to be the year consumers should be taking a closer look at who is guarding their health information,” wrote Andrea Peterson, a Washington Post reporter.

Cyber criminals and hackers see healthcare information as highly valuable on the black market, in part because it has a long shelf life, unlike credit card numbers that can be replaced or cancelled with relative ease. An individual’s health data remains essentially unchangeable.

In its 2015 Data Breach Industry Forecast, Experian plc, a global information services group, wrote, “Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cyber criminals. The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI [personal health information].”

Onvia’s database shows that recent state and local contracting activity has increasingly focused on protecting patient healthcare data.

Securing Electronic Health Records

As patients get more comfortable with technology and more doctors’ offices seek to get rid of paper health records, public-sector healthcare providers are moving to electronic health records (EHR), increasing the need for data security.

Onvia’s Project Center shows that state and local government agencies announced 1,186 solicitations for EHR and related security and privacy services in 2014. They also made 211 awards that year, with 25% of those awards valued at $100K-$500K in contract value and 26% valued at $25K or less.

 
Issued a bid in April 2015 for a possible eight-year contract for a billing and electronic health record (BEHR) system. The BEHR system is used in 54 public health offices across multiple programs. The state needs an updated, web-based software system to provide more functionality and efficiencies.
 

Agencies need more than just the software; they also need training and technical support to use it to its full potential.

 
Released a request for proposals in April 2015 for support in training Oregon Medicaid providers with the “meaningful use” of certified EHR technology, as well as with submitting their clinical quality metrics electronically.
 

Healthcare Agencies are Raising Protective Walls

The experts and organizations tracking the healthcare data industry have seen a noted influx of healthcare hacks. The Fifth Annual Benchmark Study on Privacy & Security of Healthcare, published by the Ponemon Institute, found that 90% of organizations have suffered a security incident due to malware attacks, with the most common type of information stolen being medical records, followed by billing and insurance information. Here's an infographic depicting some of the key findings from the Ponemon Institute's study and key market insights from Onvia's database of state and local government market intelligence:

[Infographic: The State of Privacy and Security: Healthcare Data - Onvia]

Onvia’s Project Center shows that state and local government agencies released 378 solicitations in 2014 for computer software and services related specifically to healthcare data security initiatives. Agencies also issued 80 awards, twice as many as in 2013. 68% of those awards ranged from $1-$10 million in contract value.

 
Awarded Hewlett-Packard a $50.5 million three-year contract ending in December 2016 for Medicaid Management Information System (MMIS) Services.
 
 
Awarded a five-year contract valued at $19 million in June 2014 to Netsmart Technologies for an electronic medical business record system. Netsmart Technologies is an IT solutions provider that focuses on the healthcare industry.
 

Key Takeaways for Contractors

Healthcare organizations hold precious data for millions of Americans, and cyber criminals have become more inclined to steal that data. To help prevent future data breaches, state and local government agencies are seeking out the help of government contractors to build the necessary protections around sensitive healthcare data.

Furthermore, agencies are dealing with an ever-evolving hacking environment and do not necessarily have the expertise to write complete specifications in their solicitations. This presents an opportunity for experienced contractors to identify those agencies that are planning to secure their networks, develop a strong relationship before the bid or RFP is even published, become a participating consultant and influence how the RFP is written. Companies that wish to help support state and local health agency efforts to protect patient data should consider business and consulting services and IT software and services as key areas where healthcare data security contracts are available.