Imagine that you get an invoice from a hospital for $125,000. No doubt you’ll experience sticker shock at the high cost of medical care. But wait a minute. This hospital is in a city that you have never visited, and it’s for a surgery that you never had. How did this happen? You’ve just become another victim of medical fraud. You can now expect to spend a few hundred hours of your life and thousands of dollars of your own money to clean up the mess that a cyber criminal made by stealing and using your medical records.
Medical Records Are a Hot Commodity for Cyber Criminals
Personal health information (PHI) is a hot commodity in the cyber criminal world. Its value exceeds that of credit card information, and here’s why. Credit card fraud can be easily spotted and quickly shut down. What’s more, your credit card company will actively help you combat fraud, and you can cancel your account and get a new one. Theft of your medical records, on the other hand, may not show up right away, and unlike your credit card, you can’t just start over with a new health record.
The value of your medical records lies in the depth of detail they provide, such as your name, address, contact information, social security number, insurance details, names of your doctors and details about diagnoses, prescriptions and treatments. Hackers can exploit this information to apply for loans, open bank accounts, and file tax returns, in addition to committing medical and insurance fraud.
Patients Experience Debilitating Effects from PHI Theft
Patients can experience multiple problems as a result of having their medical records stolen. They find themselves suddenly responsible for paying bills for procedures they didn’t have, equipment they never needed, and prescriptions they didn’t get. Patients could even experience a misdiagnosis and mistakes in treatment when the medical history of the person using the personal data gets mixed with their own.
Impact of Cyber Crime on Healthcare Organizations is Crippling
The impacts on the healthcare organization are equally serious. You can expect legal costs and the purchase of ID protection for the people whose records were stolen. Your reputation as a trusted provider will be damaged. There is nothing more personal than an individual’s health, and it will take resources and energy to restore trust and bring back patients who have many other choices in the competitive healthcare marketplace.
Compliance Doesn’t Equal Security
HIPAA applies to any organization that handles health information in electronic form that is associated with a transaction. Its purpose is to maintain the privacy and security of the health records that are gathered and stored. Yet healthcare organizations continue to experience data breaches. Just do a Google search of “healthcare data breach” and click on the “News” tab in your search results and you’ll find some of the latest victims.
Make Security a Primary Objective
No matter if you are a small clinic or a huge hospital, you need to have robust layers of security in place to thwart attacks. Instead of making compliance your main objective for IT security, make “security” your main objective. If you are confident in your security, then you will most likely be meeting all requirements for compliance as well.
Be Aware of Security Blind Spots
Technology has helped the healthcare industry in countless ways, equipping professionals with the tools they need to reach more people, improving and saving lives. Without expert IT guidance, decisions on how to connect and access devices and software systems can create vulnerabilities. Administrators may unknowingly compromise security when they make decisions in the name of productivity or efficiency in their efforts to help practitioners see more patients.
Find Your Security Gaps
Do you really want to experience a data breach to find out how damaging one can be for your organization and the people you serve? Get a security and risk assessment to uncover weaknesses that could be opening the door to cyber crime.