Health is the most valuable thing every person has, but we start to appreciate it only when we are at risk of losing it. The cause may be not only bad habits or accidents but also viruses: both the common flu and … computer viruses. Since we started to use electronic medical records, healthcare data security has become one of the most important aspects of data protection. Let’s find out why.
In recent years, hackers’ interest in electronic medical records has increased sharply. On the black market, this kind of information is much more valuable than credit card numbers and bank account passwords.
The trend may be surprising, but if you think about it, the reasons are quite obvious. After all, the data in the electronic medical records contain:
- patients’ names, their dates of birth;
- addresses (postal and electronic);
- phone numbers;
- places of work and positions;
- IDs, card numbers, medical and social insurance.
This information can be used for complete identity theft, rather than just for a one-time bank account hack.
Another important reason is the weak protection of patient data in medical institutions. Banks and other financial institutions have already built strong data protection systems. Two-factor authentication has become a ubiquitous standard for banks: their clients can access information only after entering an OTP (one-time password). Public health associations, on the contrary, paid no attention to health data security measures for a long time and thus became easy prey for hackers.
How the fraudsters use stolen electronic medical records
In addition to the identity theft mentioned above, there are other ways to use the information contained in electronic medical records. Three of them are specific to this type of information.
- Receiving medical care at the expense of others.
Some treatments are expensive, so physician services received by fraudsters can damage the victim’s financial well-being.
- Schemes involving medicines.
Hackers who are in good health and don’t need treatment can earn a good income by ordering expensive drugs on behalf of a legitimate medical card holder in order to resell them.
- Conspiracy with clinic employees.
If criminals manage to get in touch with an unscrupulous clinic, an insurance company may be billed for services that were never rendered, and the money is divided between the clinic and the fraudsters.
Why the medical records hacks are dangerous
Medical data hacks may not only cause material losses but also endanger the health and lives of the people whose information was stolen. After all, the fraudulent actions (receiving medical services, purchasing medicines) end up in the patient’s real clinical history. If the real owner then needs urgent help, physicians will be misled by incorrect information that has nothing to do with the patient. For example, a person may have an allergic reaction to some drugs, but it won’t be recorded in the electronic medical records because of the fraudster’s intervention.
We should keep in mind that although you can easily block and subsequently change bank accounts and cards, it is completely impossible to take back medical data that has been compromised and disclosed.
Healthcare data security tips
Despite all the dangers healthcare data security faces in the age of computer technology, there are plenty of ways to reduce the risks.
Like any other type of organization, medical facilities need to protect their data from the following threats:
- targeted attacks and hacking from the outside;
- viral infections;
- employee actions committed out of ignorance or with the intent to steal medical records.
The first two are usually handled by cyber security experts. To reduce the human factor, in addition to administrative work with the staff, clinics need a reliable means of strong user authentication for access to electronic medical records and patients’ data.
It is difficult to spot that a medical records store has been hacked, since insurance holders don’t receive billing information immediately. Banks, by contrast, usually inform their customers about any activity on their accounts right away, via text messages to the phone number linked to the account, so the customer can report a suspicious transaction if necessary. Moreover, bank clients often need to confirm their identity to make a transaction. If medical facilities used such means of user authentication, many healthcare data frauds could have been avoided.
Two-factor authentication (2FA) with one-time passwords has become the standard for a great number of digital companies. Hardware and software OTP tokens, which generate the one-time passwords, are often used to increase the level of data protection. These tokens do not need an Internet connection, so they help to prevent interception of the one-time passwords. For companies that deal with money, strong user authentication is a must.
2FA proved its reliability long ago, so it may be useful for healthcare data security as well.
According to information published in different sources, in 2015 alone 100 million people in the United States became victims of electronic medical records hacks. The largest incidents were the attacks against the Anthem Company (78.8 million people) and the Premera Blue Cross Company (about 11 million customers). In other countries, the statistics are not so sad, but only because in many countries the level of data digitization in medical institutions is not high.
But nothing stands still, and sooner or later the electronic medical records will be used in all hospitals all over the world. Thus, it is important to take care of healthcare data security in advance.