Featured Photo by Gustavo Fring from Pexels
Healthcare organizations are a gold mine of sensitive personal and financial information, the reason being that patients are less likely to give wrong information about themselves to healthcare employees.
But ironically, many people rarely give thought to the safety of their health records.
We worry so much about the security of banks, offices and social networks but pay little attention to the wealth of information we give to healthcare institutions, sometimes through smartphone apps.
While it may not be our place to secure the information we give to healthcare employees, it is important for patients – even health employees – to understand the impact of breaches on healthcare institutions.
According to an article on Health IT Security by Jessica Davis, about 32 million patient records were breached in the first half of 2019, double of what was reported in all of 2018 – 15 million.
The increase in the number of breaches does not only reveal how vulnerable healthcare facilities can be, but it also shows that hackers and thieves are becoming more aware of the wealth of information they can get from healthcare institutions.
In another research recently carried out by researchers at Michigan State University and the Johns Hopkins University, it was revealed that every patient’s record breached contained sensitive personal and financial information such as Birthdate, driver’s license number, and social security number.
This kind of information can be exploited for identity theft and financial fraud.
As published on Techxplore, the compromised data was collected in segments. In all the segments, three contained information that made losing them really scary.
The sensitive portions of information stolen include Demographic Characteristics such as name, address, email, social security number, date of birth; Financial Information such as billing, payment card or bank account and Medical Information such as HIV status, mental health, Cancer, prescriptions and other important personal information.
Putting all that information about someone in the wrong hands is really scary. All your finances and reputation are at stake.
Imagine having such information in the hands of a con artist or your ex. In some very religious societies, medical information could be used by so-called spiritualists to manipulate victims.
The research conducted by Professor Jiang is an eye-opener. Before now all we knew was that “there has been a breach involving the health records of X number of patients.”
These reports always failed to mention the kind of information the hackers collected about each individual.
It has become more important that healthcare employees know how to better protect patients’ records stored digitally. Healthcare organizations too need to make use of modern and more secure systems for storing their patients’ information.
But no matter how secure any system may be, internal safety measures need to be put in place.
This may mean storing different categories of information on separate different digital storage. A cloud expert wouldn’t mind having a new customer.
It may also mean selecting where patients’ records can be stored and for how long. For example, when Apple announced a feature that allows users of iOS devices to access their health records, Apple mentioned that no health records would be stored in any of their servers.
Healthcare organizations can take similar measures to protect patients’ records and can also check to see if third party organizations that transfer health records are adhering to data policies.
We may think it’s always up to some tech expert we’ve never known to protect patient records but that’s not true. Malicious software can be passed through any employee without their knowledge.
Any USB device whether it’s a mouse or keyboard can be compromised by the right set of hands, especially during repairs.
Hospital staffs with access to patient records should take measures to protect themselves.
These days opening the wrong email at the office could compromise your system.
At times you need to act paranoid.
Even where tech experts may not be needed, workers need to know how certain devices work, even common problems and how to fix them.
Also, when reports are needed on your activity with electronic devices, do not leave out information. Whether you feel it is enough to cause or lead to a security breach or not just include them.
Nevertheless, we can’t always leave data security to organizations or tech experts. Data security is everyone’s responsibility.