Report: Cyber Thieves will Increasingly Target Healthcare Companies

Your healthcare company has data – not just any data, but Protected Healthcare Information (PHI).secure-medical-records-blog2

One report predicts the data you have will be increasingly targeted by cyber-thieves who want that information.

Healthcare records hold a cornucopia of Personally Identifiable Information (PII) that can be used in multiple follow-up attacks and various kinds of fraud. In 2013, 43 percent of all major data breaches involved healthcare data, according to the Websense report.

These records contain names, addresses, social security numbers, and often times, financial and insurance information that are a cyber-thief’s bread and butter.

“Healthcare providers and business associates providing services to healthcare providers continue to overlook some of the basic steps in protecting patient data,” said Sword & Shield Director of Enterprise Solutions and Healthcare Services Fred Cobb. “Things like data encryption, solid policies and procedures, and employee security awareness training are foundational to building a strong defense against would-be cyber thieves.”

Healthcare professionals are also at risk.

“Often, they have an increased tendency to try and get around IT security policies in order to better serve their patients,” the report said. “When a doctor or nurse needs access to computing resources or data because a patient’s health is at risk, IT policy takes a back seat to the patient’s health. In the heat of the moment, such behavior can lead to increased risk to cyber threats or insecure access and storage of sensitive information.”

But Cobb says that building the right processes into the daily operational environment will enable the healthcare professional to deliver timely services without jeopardizing the safety of the patient’s privacy long after the treatment has taken place.

“Fraudulent use of stolen patient information can lead to incorrect diagnostic information ending up in a patient’s medical history,” he points out. “The consequences of this can lead to potential wrong treatment situations where the outcome could be dire for the affected individual. (This doesn’t include) the burden of proof placed on the individual when erroneous billing has occurred against an individual’s account which could lead to credit rating problems and more.

“Social security numbers obtained in healthcare data thefts can be used to file illegal disability claims,” Cobb said. “The list of bad things that can happen to you if your medical records are breached is not pretty.”

While being HIPAA compliant is a start, healthcare professionals should know that being compliant does not automatically mean your organization is secure. Compliance offers some basic security steps, but it does not eliminate your risks or prevent a breach. As healthcare companies continue to move more toward keeping electronic records, these security risks will continue to increase.

Sword & Shield can help you learn how to be both compliant and secure.


Comments are closed.