Healthcare Data Breach Is a Real Concern – Can It Be Effectively Prevented?
With increasing sharing of health data for medical records review & other purposes, data breaches are more likely. Some preventive measures can be adopted.
MOS: Medical Record Review Service 8596 E. 101st Street, Suite H Tulsa, OK 74133 www.mosmedicalrecordreview.com
(800) 670 2809
Online safety of crucial personal information is a very important consideration in the current digital age. Whether it is for the purpose of medical record review for attorneys or medical record retrieval for some medical or legal purpose or for purposes of information sharing, transmission of medical records has to be carefully done. National Cyber Security Awareness Month is observed every October and this becomes more relevant with each passing year. Personal data is readily available online now, and threats of identity theft continue to increase with the increase in use and availability of various technological devices. Healthcare Data Breaches on the Rise Hackers indulge most commonly in phishing – they send emails posing as a legitimate company attempting to illegally obtain personal information including medical records or credit card information. Hospitals and other medical groups are the top targets in this regard. Medical records are often much more valuable than credit card information because medical records are used to buy drugs on the black market. Medical groups that are equipped to face cyber security threats anticipate it and stay prepared. However, the healthcare sector is known for its underinvestment in cyber security, and the Department of Health and Human Services itself has raised concerns regarding the “critical condition” of this sector. •
According to Symantec, a single medical chart is worth 50 social security numbers, but healthcare generally invests only 4% to 6% of its IT budget in cyber security (according to the SANS Institute). In comparison, the financial sector spends 10% to 12%. Therefore it is no wonder that criminal attacks are the leading cause of healthcare data breaches.
•
The number of healthcare providers that experienced a hack grew 320% in 2016, causing a 181% increase in the number of records hacked in a single year, according to a CynergisTek report.
Medical Devices Are also Vulnerable The advantages of medical devices are manifold and these include improved patient care, cost savings and workforce productivity. But these devices face significant dangers from cybercriminals. Around 4,000 ransomware attacks happened each day in 2016. According to Symantec’s findings, ransomware has been increasing 36% in 2016 alone. In May 2016, WannaCry shut down 65 hospitals in the United Kingdom, affecting computers as well as MRI machines and refrigerators. Ransomware is easy to buy and difficult to trace, which
www.mosmedicalrecordreview.com
(800) 670 2809
accounts for its popularity. The average ransom amount has increased, jumped 266%, up to $1,077 in 2016. Dire Consequences of Data Theft •
Data theft consequences are much more than mere fraudulent purchases and spoiled credit.
•
It could extend into areas such as Medicare fraud and prescription drug abuse.
•
Dangers stem from providers’ inability to access the medical records, the computer networks, and the required medical devices. They wouldn’t know the medication or its dosage, drug allergies, blood type and so on. If the system crashes during a major surgery, the consequences could be worse.
•
Ransomware attacks have worse consequences. The hacker holds information or a computer system hostage and threatens to delete it unless a ransom, typically in bitcoins, is paid within a certain time. Examples of such attacks include those against Heritage Valley Health System, MedStar Health, Hollywood Presbyterian Medical Center, and the UK’s National Health Service.
•
Doctors who depend a lot on technology could face the risk of medical malpractice claims arising from cyber security hacks. Imagine a medical device such as an imaging device used for surgery shutting down in the middle of a procedure, or a compromised pacemaker implanted in a patient!
Medical device use is bound to increase in the coming years with the popularity of the Internet of Things (IoT). Included among these devices are patient monitors, which makes patients with pacemakers, insulin pumps, and other devices with wireless, remote, or near-field
communication
capabilities
particularly
vulnerable.
Medical
device
manufacturers, hospital administrators, and healthcare providers could face serious personal injury and product liability cases if cyber security measures are not tightened. Cyber security breaches are more common now because of increased connectivity. Healthcare organizations that need to communicate with other smaller organizations with fewer cyber security resources could face the risk of data compromise. What Are the Possible Solutions? •
Use simple systems: When a system is complex, it could be harder to keep it updated to guard against cyberattacks.
•
Spread education and awareness: Patients as well as medical professionals should be fully aware of the importance of cyber security. Continued education in this
www.mosmedicalrecordreview.com
(800) 670 2809
regard is vital and will help ensure that the people who need to use the secure systems are committed. •
Backup your systems: With this solution, you can easily recover lost data when your cyber security systems fail.
•
Follow best practices for installing and testing security updates: Users and operators of medical devices should follow best practices. It is the manufacturers’ responsibility to constantly evaluate bugs and other risks in their equipment and share that information with medical device owners and users.
•
Have the best emergency strategies: Planning for an emergency is very important because then you can tackle a cyber security challenge as soon as it raises its head.
•
Proper coordination and co-operation: There should be proper cooperation among the various entities in the healthcare system such as hospitals, doctors’ offices, insurance companies and pharmacies. An attack on one entity with a weaker security system could put others at risk. Therefore each player in the system should notify the others of attempted attacks so that other can take measures to prevent them.
Whether it is an EHR system, medical devices or any other product the healthcare sector uses, manufacturers and developers could focus on making products and services that are hard to compromise. Constant vigilance is most important when sharing information online or elsewhere. A team effort on the part of the manufacturers, users, and the government in the best interests of public healthcare would help reduce cyberthreats and other concerns that pose challenges for the healthcare industry.
www.mosmedicalrecordreview.com
(800) 670 2809