Data Breaches are Hitting the Healthcare Sector. Here’s What You Need to Know
Every time you turn around there’s another major data breach in the news. From Equifax to Marriott to Target, consumers face data privacy risks everywhere they go.

Now, that includes the doctor’s office. Since the 2015 Anthem breach that compromised 78.8 million records, healthcare data breaches have exploded to the point that healthcare is now the industry where your personal data is most likely to be exposed. What does that mean for you? Read on to find out.
Healthcare Data Breaches are a Major Problem
● “Healthcare-targeted cybercrime is
a growing sector, with threats increasing in volume and severity while
highly-valuable patient data remains unguarded. With a combination of unsecured
electronic healthcare records (EHR) spread over a broad attack surface,
cybercriminals are cashing in on industry negligence, exploiting
vulnerabilities in unpatched legacy software and social engineering unaware
hospital staff into opening malicious emails,” Malwarebytes Labs reports. Read more.
● 2019 was the worst year on record
for healthcare data breaches, according to NetSec News. There were 572 breaches
of more than 500 records in 2019, exposing more than 41 million patient records.
The largest breach of the year? A debt recovery agency working with a
HIPAA-covered entity. Read more.
● Security Magazine: “Currently,
healthcare provider data is some of the most highly valued information on the
dark web, alongside Personal Health Information (PHI), forged prescriptions,
and health insurance login information. Cybercriminals seek this data for its
unique profitability, as obtaining these materials opens the door for a number
of different forms of cybercrime.” Read more.
A Lot of Companies Have Access to Your Healthcare Data
● “HIPAA permits covered entities to
share protected health information (PHI) with third-party vendors such as
claims processors, consultants, independent medical transcriptionists, pharmacy
benefits managers and other organizations that will have access to protected
medical records, called business associates (BAs),” Corporate Compliance
Insights explains. “The number of vendors utilized by hospitals on average is
1,300 … This makes the risk management of vendors very time-consuming and
costly.” Read more.
● According to NormShield,
third-party vendors are a primary source of healthcare data breaches, second
only to phishing attacks. “Health Insurance companies, medical-equipment
suppliers, imaging centers, marketing companies, data-management companies,
website and email providers are all potential third parties that attackers can
find a way through healthcare providers’ systems,” they explain. Read more.
● However, even healthcare systems
themselves are vulnerable. Healthcare IT News reports that “in Verizon’s 2019
Data Breach Investigations Report, healthcare was the only industry in which
the insider threat created more data breaches than external attacks, with 59%
of data breaches being associated with internal actors. … [Tony Pepper, CEO
of Egress, explains] ‘Not every insider breach is the result of reckless or
negligent employees, but regardless, the presence of human error in breaches
means organisations must invest in technology that works alongside the user in
mitigating the insider threat.’” Read more.
What Needs to Change in Healthcare Cybersecurity
● “That’s not to say that hospitals
aren’t paying any attention to their computing systems. It’s just that their
focus tends to be on a different kind of security. Data security practices in
place in hospitals usually prioritize protecting patient privacy, because
organizations can be fined under HIPAA for exposing patient data,” reports The
Verge. Read more.
● However, “If healthcare providers
do not take appropriate measures to safeguard patient information, the number
of hacks will continue to climb,” The Doctor Weighs In warns. “Healthcare
administrators need to focus on technology upgrades, staff training, network
access limitations, and greater accountability with third-party vendors.” Read more.
● Datica explains that “without a
standardized framework, process, and certifying body, HIPAA is often an
obstacle for healthcare technology. HITRUST is an attempt to help vendors
better prove their security and to help covered entities streamline security
and compliance reviews of vendors.” Read more.
How You Can Protect Yourself from Healthcare Identity Fraud
● “The first step is to closely
watch your medical records, medical bills/statements, and any communications
or notices you get from benefits providers, health plans, doctors, medical labs
and other healthcare providers. The three most common ways that medical ID
theft victims discovered they'd been ripped-off was from errors on medical
bills or collection letters, discovering mistakes in their health records from
treatments given to someone else, or mistakes in their health insurer's
explanation of benefits.” Read more.
● If you discover your medical
records have been stolen, send written requests to providers asking that your
records be corrected and file an identity theft report with the Federal Trade
Commission. Read more.
Healthcare data breaches aren’t just a problem
for healthcare providers and their business associates. Medical identity theft
can be dangerous and costly for consumers too. As you think about ways to
protect your privacy in everyday life, make sure your medical privacy is at the
top of the list.