June 13, 2017
Research reports are touting 2017 as the year of the healthcare breach – again.
Information thieves have been targeting this sector for several years, and the 2017 Data Breach Industry Forecast by Experian concludes medical identity theft will continue to be a focal point.
Personal medical information is one of the most valuable and accessible types of data for attackers to steal, stated the report. Nearly 90% of healthcare organizations in the Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data had a data breach in the past two years, and nearly half had more than five data breaches in the same time period.
Here are the top ways criminals steal medical IDs – and how to prevent medical identity theft.
SHARING CREDENTIALS: A Medical Identity Fraud Alliance survey revealed that nearly 6 in 10 people whose medical identities had been stolen either knowingly shared their insurance information with someone they knew, or had their insurance information taken by a family member without their consent. Stop them: Healthcare providers must properly authenticate all patients. Individuals should protect personal identification, and never share their medical IDs with anyone.
RANSOMWARE AND OTHER MALWARE: Medical service providers are a huge target for ransomware, which encrypts files and holds them hostage until a ransom is paid. Many attackers using malware enter a network through a phishing email. Stop them: Healthcare providers must implement stronger security including multi-factor authentication, encryption, and regular patching and updating. Also, back up data, and provide ongoing employee education. Individuals must know how to recognize and deal with phishing scams. For example, never click on a link on a website or in an email unless it’s a trusted page or sender.
INTERNET OF THINGS (IoT): Privacy and security are a huge concern with wireless medical devices and ‘wearables’. The main concern is that poor security standards allow criminal activity. Stop them: Healthcare providers should segregate IoT-enabled medical devices from the public internet, and implement continuous monitoring. Individuals should purchase recognized brands, and research security features. Also, think carefully about whether you should provide personal information or not when asked.
PUBLIC WI-FI: The open nature of public Wi-Fi allows for snooping and other criminal activity. Stop them: Do not log into health accounts on public Wi-Fi, or access or send any confidential health (or other) data on public networks.
DATA HOARDING: Lingering paper or digital health documents are targeted by information thieves. Stop them: Encrypt electronic records and store on a password-protected external hard drive; store paper records and CDs in a locked file cabinet. Purge data regularly, and securely shred confidential health information that is no longer needed.
MOBILE DEVICES: According to the benchmark study, the theft of mobile devices is a significant threat in the healthcare sector. Stop them: Learn mobile device best practices. Never leave devices visible in parked vehicles or unattended in public places. Encrypt all health documents saved on hard drives. Securely destroy hard drives that are old or broken.