Data Breaches are Hitting the Healthcare Sector. Here’s What You Need to Know

Every time you turn around there’s another major data breach in the news. From Equifax to Marriott to Target, consumers face data privacy risks everywhere they go.

Now, that includes the doctor’s office. Since the 2015 Anthem breach that compromised 78.8 million records, healthcare data breaches have exploded to the point that healthcare is now the industry where your personal data is most likely to be exposed. What does that mean for you? Read on to find out.

Healthcare Data Breaches are a Major Problem

     “Healthcare-targeted cybercrime is a growing sector, with threats increasing in volume and severity while highly-valuable patient data remains unguarded. With a combination of unsecured electronic healthcare records (EHR) spread over a broad attack surface, cybercriminals are cashing in on industry negligence, exploiting vulnerabilities in unpatched legacy software and social engineering unaware hospital staff into opening malicious emails,” MalwareBytes Labs reports. Read more.

     2019 was the worst year on record for healthcare data breaches, according to NetSec News. There were 572 breaches of more than 500 records in 2019, exposing more than 41 million patient records. The largest breach of the year? A debt recovery agency working with a HIPAA-covered entity. Read more.

     Security Magazine: “Currently, healthcare provider data is some of the most highly valued information on the dark web, alongside Personal Health Information (PHI), forged prescriptions, and health insurance login information. Cybercriminals seek this data for its unique profitability, as obtaining these materials opens the door for a number of different forms of cybercrime.” Read more.

A Lot of Companies Have Access to Your Healthcare Data

     “HIPAA permits covered entities to share protected health information (PHI) with third-party vendors such as claims processors, consultants, independent medical transcriptionists, pharmacy benefits managers and other organizations that will have access to protected medical records, called business associates (BAs),” Corporate Compliance Insights explains. “The number of vendors utilized by hospitals on average is 1,300 … This makes the risk management of vendors very time-consuming and costly.” Read more.

     According to NormShield, third-party vendors are a primary source of healthcare data breaches, second only to phishing attacks. “Health Insurance companies, medical-equipment suppliers, imaging centers, marketing companies, data-management companies, website and email providers are all potential third parties that attackers can find a way through healthcare providers’ systems,” they explain. Read more.

     However, even healthcare systems themselves are vulnerable. Healthcare IT NEW reports that “in Verizon’s 2019 Data Breach Investigations Report, healthcare was the only industry in which the insider threat created more data breaches than external attacks, with 59% of data breaches being associated with internal actors. …

[Tony Pepper, CEO of Egress, explains] ‘Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat.’” Read more.

What Needs to Change in Healthcare Cybersecurity

     “That’s not to say that hospitals aren’t paying any attention to their computing systems. It’s just that their focus tends to be on a different kind of security. Data security practices in place in hospitals usually prioritize protecting patient privacy, because organizations can be fined under HIPAA for exposing patient data,” reports The Verge. Read more.

     However, “If healthcare providers do not take appropriate measures to safeguard patient information, the number of hacks will continue to climb,” The Doctor Weighs In warns. “Healthcare administrators need to focus on technology upgrades, staff training, network access limitations, and greater accountability with third-party vendors.” Read more.

     Datica explains that “without a standardized framework, process, and certifying body, HIPAA is often an obstacle for healthcare technology. HITRUST is an attempt to help vendors better prove their security and to help covered entities streamline security and compliance reviews of vendors.” Read more.

How You Can Protect Yourself from Healthcare Identity Fraud

     “The first step is to closely watch your medical records, medical bills/ statements, and any communications or notices you get from benefits providers, health plans, doctors, medical labs and other healthcare providers. The three most common ways that medical ID theft victims discovered they'd been ripped-off was from errors on medical bills or collection letters, discovering mistakes in their health records from treatments given to someone else, or mistakes in their health insurer's explanation of benefits.” Read more.

     If you discover your medical records have been stolen, send written requests to providers asking that your records be corrected and file an identity theft report with the Federal Trade Commission. Read more.

Healthcare data breaches aren’t just a problem for healthcare providers and their business associates. Medical identity theft can be dangerous and costly for consumers too. As you think about ways to protect your privacy in everyday life, make sure your medical privacy is at the top of the list.

Image via Unsplash


Content Ad

Recent Comments

Premium Blogspot Templates
Copyright © 2012 Men's Corner