With cybersecurity efforts increasing and becoming more sophisticated in approach, cybercriminals are resorting to extreme tactics. What measures can you take to protect yourself and your identity?
Healthcare is a hot topic these days. Costs are skyrocketing, and fewer skilled workers are entering the medical profession. There are often more questions than answers to any health situation. The time available to diagnose a patient and begin treatment can be critical and limited, so the care process is expedited, and that hurrying increases risk.
To get a clear picture of the patient as a whole, medical professionals ask for a full patient history before treatment, including vaccinations, surgeries, allergies, and other pertinent details for the current situation. This is all incredibly helpful for both the patient and the provider. Doctors rely on transparency and communication to diagnose and treat.
All of this information is stored in a patient “chart”. The word “chart” is not as applicable today as it was 20 years ago, when folders or binders with prongs and dividers held paper copies of test results, physician notes, reports, and anything else related to a patient’s health. They also held medical history forms and basic information forms filled out by the patient with personal details like full name, address, and contact information.
A recent trend, begun in the last decade, is the conversion of this data to electronic records. The brilliance of this transition is the ability for a provider to access a patient’s medical records and information from any location – especially in case of an emergency. Gone are the days when a doctor needed to request a patient’s chart from another provider to aid in making a diagnosis and care action plan, possibly delaying treatment for a week or more. The ability to access electronic health records puts a wealth of patient records at care providers’ fingertips, enabling more accurate diagnoses and treatment plans and expediting care.
As with anything digitally maintained and transmitted, security is a concern. The healthcare industry seems always to be playing catch-up since its very nature is reactive. Preventive medicine is the ultimate goal, but predicting illnesses like sinus infections or the flu is a near-insurmountable challenge. Patients can minimize the likelihood of symptoms and risks with daily multivitamins, a balanced diet, moderate exercise, and maintaining optimal conditions, such as taking an antihistamine for allergies to help prevent a sinus infection. Preventing the flu comes down to environmental factors, like ample hand washing and clean surroundings – and, of course, getting your vaccination (the “flu shot”) each year.
Healthcare technology has focused on advancements in diagnosis and treatment rather than recordkeeping and billing, and as such the industry lags behind others, like banking, retail, and entertainment. Unfortunately, the combination of struggling technology and personally identifiable information (PII) speaks to a weakness in cybersecurity. It’s vulnerabilities like these that cybercriminals — hackers — seek to exploit for personal gain.
Why would hackers target medical offices or hospitals for health records? For the same reason hackers target any cybersecurity vulnerability: to exploit a weakness for personal gain. Stop and think for just a moment about what your health records contain. Aside from your home address, forms likely include your employer, your social security number, the names and details of your family members, and very personal information that someone else could use to completely duplicate your life for illicit purposes.
Have you ever had your credit card used for a fraudulent transaction? Have you ever had your bank account compromised? Have you ever been notified that your personal information was affected by a security breach? These are all fundamental elements of identity theft, but in each situation, there is a credible party whose responsibility it was to protect you and your information with a security guarantee. Think back to what we said about healthcare technology. If security breaches can happen to financial institutions, where maximum cybersecurity protocols are deemed essential for day-to-day operations, it’s scary to think of healthcare data being electronically stored. You can change your bank, and a credit card company can re-issue you a card with a new number to protect your account, but you can’t exactly just change your medical records. It’s a scary thought.
One major issue causing the healthcare industry to lag when it comes to cybersecurity is that professionals in the medical field are focused on technology primarily as it relates to healthcare. Those in charge of records and billing tend to be represented in smaller numbers than doctors, nurses, and others who provide patient care – since the purpose of their profession is patient-centric. The industry has yet to fully carve out a niche for top IT talent, much less define their role. The added complication is that healthcare professionals by their very nature must share information with each other about patients to serve the patients’ best interest. Comparing this to financial institutions isn’t an apples-to-apples comparison since banks keep information securely buttoned up, leaving healthcare IT professionals to explore completely new territory and make up the rules as they go along.
So, what is your life worth to hackers? Did you know your health information can be used to fraudulently obtain prescriptions that are then sold on the black market at a significant profit? The inherent value of this type of information is much higher than the value of a single credit card number with accompanying information. Some reports say that the value of a patient’s health record is exponentially higher than the value of an active and usable credit card number. That value can’t be truly measured financially until we know more about how the information is used, which isn’t something we hope to be able to determine.
The cost impact of cybersecurity breaches grows each year, and new players are targets due to their lack of experience. The newness of electronic health records compared to the established processes of other tech players translates into confusion, communication challenges, and a resistance to change – a “deadly” combination for the life of a patient. Medical professionals are open to change when it comes to the medical field, but many of the processes for patient data and payments haven’t changed in decades. Dated networks and systems are one hurdle; economic considerations and budget allocations are another. The financial impact of simultaneous updates for staffing and systems, and the confusion caused by the many changes potentially occurring together, only add to the complications. Are you picturing a medical office with all the nurses and staff bumping into each other, running into walls, dropping instruments, and just chaos in general? That is a bit extreme – but you get the idea. Now imagine if a hacker suddenly blocks access to all of these medical records until a fee is paid to release the records – a cyber attack with ransomware. Not a huge deal if someone needs treatment for that sinus infection or a flu shot, but imagine if this impacts a dialysis treatment for failing kidneys, or chemotherapy treatment for cancer, or worse.
All of this reinforces the need for the healthcare industry to get up to speed – now. What can you do to bring your practice up to speed? Take the first step today!