• (888) 849-6818
  • 9 AM to 5 PM Eastern Monday - Friday
  • Global Data Systems Inc. 33 Riverside Drive Pembroke, MA 02359

Without Secure Patient Data Systems In Place…You’re Putting Your Healthcare Facility at Risk.

Why is healthcare data security so important? Well, without it, you’re putting your own position and the future of your healthcare facility at great risk. Your healthcare data security should be considered of topmost importance, right alongside providing the patient care itself.

Health and healthcare are at the top of most people’s lists for “most important things in life”. But we start appreciating it only when it becomes threatened. And now, in 2017, we have both our physical health and our health records to worry about.

Since we’ve begun using electronic medical records, and the HIPAA provisions took hold in 1996, healthcare data security has become one of the most important aspects of data management and protection.

Let’s explore why that is.

In recent years, the hackers’ interest in electronic medical records has increased sharply. On the black market, this kind of information is much more valuable than the credit card numbers and bank account passwords.

That seems surprising, doesn’t it?

But when you think about it, the reasons become quite obvious. After all, the data in the electronic medical records contains:

  • Patients’ names, their dates of birth;
  • Addresses (postal and electronic);
  • Phone numbers;
  • Places of work and positions;
  • IDs, card numbers, medical and social insurance.

This information can be used for complete identity theft, rather than just for a one-time bank account hack.

Another important reason is weak patient data protection policies in medical institutions. Both banks and other financial institutions have already created a strong system of data protection. Two-factor authentication has become a ubiquitous standard for banks. The clients of the banks can get access to the information only after entering the OTP (one-time password). But the public health associations, on the contrary, have not paid attention to the health data security measures for a long time and thus became an easy prey for the hackers.

How the Cybercriminals Use Stolen Electronic Medical Records

In addition to the identity theft, which was mentioned above, there are other ways the information contained in electronic medical records is exploited. Among them, there are three specific ways to use this certain type of information.

  • Receiving medical care at the expense of others.

Some treatments can be expensive and, thus, physician services, received by the fraudsters, can damage a victim’s financial well-being.

  • Machinations with medicines.

Hackers, who have a good health and don’t need treatment, can get a good income ordering some expensive drugs on behalf of a legitimate medical cardholder with the aim to resale them.

  • Conspiracy with clinic employees.

If criminals manage to get in touch with an unscrupulous clinic, an insurance company may be billed for services that have never been rendered, and the money will be divided between the clinic and fraudsters.

Why Are Medical Records Hacks So Dangerous?

Medical data hacks may result in not only material losses but also endanger the health and lives of people whose information was stolen. After all, fraud actions (receiving of medical services, purchase of medicines) get into the real clinical history of the patient.

And, in case the real owner needs urgent help, physicians will be misled by incorrect information, which has no relation to the patient. For example, a person may have an allergic reaction to some drugs, but it won’t be specified in the electronic medical records because of the fraudster’s intervention.

We should keep in mind that although you can easily lock and subsequently change bank accounts and cards, it is completely impossible to get back the compromised and disclosed medical data.

Some Key Healthcare Data Security Tips

Despite all the dangers healthcare data security encounters in the age of computer technologies, there are available ways to reduce the risks, and GDS can implement them for you.

Like any other type of organizations, medical facilities need medical data protection from the following threats:

  • Targeted attacks (like DDoS attacks) and hacking from the outside;
  • Virus or malware infections;
  • Employee actions committed because of illiteracy or with a purpose to steal medical records.

The first two are usually eliminated by cybersecurity experts. To prevent a human factor, in addition to the administrative work with the staff, the clinics need a reliable means of strong user authentication when getting access to the electronic medical records and patients’ data.

It is difficult to spot that the medical records storage has been hacked since the owners of the insurances don’t get the billing information immediately. The banks usually immediately inform their customers about any actions on their accounts via text messages on a phone number linked to the account. Thus, the person, if necessary, may report on a particularly suspicious transaction.

Moreover, often, to make a transaction, the bank clients need to confirm their identity. If such means of user authentication were used by medical facilities, many healthcare data frauds could have been avoided.

Two-factor authentication or 2FA with one-time passwords (OTPs) has become the standard for a variety of digital companies. Hardware and software OTP tokens, which generate the one-time passwords, are often used to increase the data protection level. These tokens do not need the Internet connection, thus, they help to avoid the OTP passwords interception. For the companies dealing with the money, strong user authentication is a must.

2FA has proven its reliability long ago. Thus, it may be useful for the healthcare data security as well.

According to the information published in different sources, only in 2015, 100 million people in the United States became the victims of the electronic medical records hacks. The largest information frauds were the attacks against the Anthem Company (78.8 million people) and Premera Blue Cross Company (about 11 million customers). In other countries, statistics is not so sad. But it is only because in many countries the level data digitization in medical institutions is not high.

But nothing stands still, and sooner or later the electronic medical records will be used in all hospitals all over the world. Thus, it is important to take care of healthcare data security in advance.

The Facts on Personal Health Information Theft

Did you know 2015 counted over 11 million personal health information breaches in the US?

This information is of incredible value to hackers. Who have no shame in using it for health-related fraud like fake claims.

This is not something healthcare providers and patients alike want to worry about on a daily basis. However, the spike in the use of healthcare technology has made patient data security more important than ever.

Healthcare institutions are welcoming technology solutions and healthcare data security upgrades with open arms. They see the benefits of solutions like patient entertainment displays, computers on wheels and EHR software.

But adopting technology in hospitals means taking the right measures to enjoy technology in a safe way.

The alarming number of breaches in recent years have inevitably made network security and patient data security one of the biggest concerns for healthcare providers.

Trends show that hackers start putting their eggs in the personal healthcare information (PHI) basket. PHI is 10 times more valuable than credit card data and is about 100 times easier to get a hold of.

Win-win for the hackers right?

PHI contains vital information like name, age, gender, address, social security number, insurance information and personal medical history data of patients. Hackers use this information to make fake IDs, buy drugs or even apply for forged insurance claims.

As part of the process of implementing better healthcare data security policies, the National Center for Biotechnology Information recommends that all institutions in the health research community that are involved in the collection, use, and disclosure of personally identifiable health information (PII/PHI) should take strong measures to safeguard the security of health data.

For example, institutions should or could:

  • Appoint a security officer responsible for assessing data protection needs and implementing solutions and staff training.
  • Make greater use of encryption and other techniques for data security.
  • Include data security experts on IRBs.
  • Implement a breach notification requirement, so that patients may take steps to protect their identity in the event of a breach.
  • Implement layers of security protection to eliminate single points of vulnerability to security breaches.

We can advise you on these suggestions and all aspects of healthcare security.

Ready to Step-Up Your Healthcare Data Security Policies?

If so, just give us a call at (888) 849-6818 or email us at info@GDSConnect.com and we will advise you on how to start getting the best healthcare IT services from a leading Boston IT consulting company that can optimize your healthcare data security policies in quick order!

Contact Info

Have A Healthcare Technology Question?
Reach Out To The GDS Healthcare IT Consulting Team.