Protecting the Data Vault
Not every data breach is a cyber security issue, but hackers are increasingly looking for weak systems to collect information for intelligence reasons, fraudulent insurance claims, identity theft and ransomware, where a malicious program stops a user from accessing devices until a payment is made.
An electronic health record (EHR) database contains personal information that does not expire ― such as Social Security numbers ― and can be used over and over for malicious intent. The cyber criminal underground can cherry-pick the various parts of protected health information records, which include medical histories, test results, health issues past and present, prescription drug use, treatments, methods of payment, home addresses, credit card numbers, health insurance information, Social Security number and birth date.
Medical records also have a long shelf life. If a thief steals your credit card or bank account number, it’s useful only until the credit limit is maxed out or you report the loss and the account is closed. But some information in a medical record can provide steady long-term income for scammers.
While cyber attacks on the health care industry may pose immediate health risks to patients, with consequences like hospitals closing and procedures needing to be rescheduled, the big concern must include data breaches. We are all aware of the recent headlines about major data breaches of personal information and similar cyber incidents, from the theft of 145 million records from a major credit reporting agency to reports about ransomware shutting down businesses.
In our digital health care world, the reliable availability of accurate health data to clinicians is critical to care delivery and any disruption in access to that data can delay care or jeopardize diagnosis.
For health care providers and insurers, there is typically no limitation for patients to disclose information about their health. Just as any patient can and should share concerns about their health with family and friends, any patient can now easily share anything they want with the world via social media or join an online support group. Although these are generally positive steps that help an individual with health concerns find support and receive advice, we now need to be much more conscious about what we share and where it ends up.
Some things you should consider include: How large is your social network, and who gets to see what you are sharing? Who is hosting the support group you just joined and what is their commitment to data privacy?
This should not be interpreted as advice against sharing or seeking support online. The more we know, the better prepared we are, and the better health care decisions will we be able to make.
Melody K. Smith
Sponsored by Access Integrity, delivering advanced technology solutions for full and complete compliant processing of medical transactions to the healthcare industry.