When people think about cybercrime and private data, they rarely think about the medical industry. The image that comes to mind is usually retail: we assume cybercriminals only target businesses that customers hand money to, because those are the ones holding the credit card details. So why would criminals bother stealing data from anywhere else?
The problem is that people aren't aware of what medical records are worth on the black market. A stolen credit card number typically sells for only about $3-5, and it stops being useful the moment the card is cancelled. A medical record goes for much more. Think about what it contains: the patient's full name and address, Social Security number, date of birth, insurance and medical ID numbers, and a clinical history. A complete record can fetch about $50-60, and more depending on what it contains, because none of that information can be cancelled and reissued the way a card can. It is exactly what someone needs to commit identity fraud on a far larger scale than a single card would allow.
So the pressure is on for professionals in the medical field. Cybercriminals are targeting medical institutions in an attempt to obtain records in bulk, and because many people in the profession still do not appreciate how serious the risk is, the attackers are having a much easier time than they should.
These risks are why several measures have been put in place throughout the industry. One you may have heard of is HIPAA, the Health Insurance Portability and Accountability Act. Its Privacy, Security and Breach Notification Rules set out what medical institutions must do to keep patient information protected, and how they must respond when it is exposed. If your facility isn't HIPAA compliant, you run the risk of severe legal difficulty: the Department of Health and Human Services' Office for Civil Rights investigates breaches and can impose substantial civil penalties. HIPAA itself does not give patients a right to sue, but patients whose data is compromised through lax security on your part can still bring claims under state privacy and negligence laws, and HIPAA's standards are often used to show what reasonable care looked like.
So what are you to do? Study the Act and its rules carefully to ensure you are complying in every way you can. The most obvious areas to address are the points of contact between the patient and your facility: e-mail, letters and telephone calls. Remember that the telephone rules also cover answering services. When patients call out of hours they are likely to leave sensitive information in a recorded message, and a third party that handles those messages on your behalf is a business associate under HIPAA, which means you need a signed business associate agreement with them as well as confidence in their own safeguards. Make sure you are using a HIPAA compliant professional medical answering service.
You must make sure that every single employee under your wing is aware of these dangers. With modern portable devices there are more potential entry points for cybercriminals than ever, so all medical employees need to be vigilant. Your facility should provide secured Internet access: WiFi protected with modern encryption (WPA2 or WPA3), not an open or legacy WEP network. Employees and visitors should be on separate networks with separate passwords, with the visitor network isolated from the systems that hold patient data; a single shared password that visitors also know puts strangers on the same network as your records. Everyone with a personal device should connect only to the network you control, since any other network in the area could potentially be compromised, or could be an attacker's access point set up to look like yours.
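As an added illustration (not configuration from the original article or from any particular product), here is a minimal hostapd configuration that puts staff and visitors on separately protected networks. The interface names, SSIDs, bridge name and passphrases are placeholders to be replaced for a real deployment:

```ini
# /etc/hostapd/hostapd.conf  (added example; interface names, SSIDs,
# bridge and passphrases are placeholders, not values from the article)
interface=wlan0
driver=nl80211
hw_mode=g
channel=6

# Staff network: WPA2-PSK with AES (CCMP) and required management-frame
# protection. Do not set wpa=1 (WPA/TKIP) or wep_* options.
ssid=CLINIC-STAFF
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
wpa_passphrase=CHANGE-ME-long-random-staff-passphrase

# Visitor network: a second BSS with its own passphrase, bridged to a
# guest-only segment (br-guest) rather than the staff LAN, with clients
# isolated from one another so a visitor cannot reach another visitor.
bss=wlan0_guest
ssid=CLINIC-GUEST
bridge=br-guest
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
ap_isolate=1
wpa_passphrase=CHANGE-ME-different-guest-passphrase
```

The point of the second BSS is not the different passphrase but the different bridge: the guest segment should have a route to the Internet and nothing else, enforced at the firewall, so that a compromised visitor laptop cannot see the workstations and servers that hold patient records.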
The risk to a patient's safety could be larger than you think: a corrupted or misused record can lead to the wrong treatment, not just a damaged credit score. The financial impact of stolen health records, in breach notification costs, penalties and lost trust, is also tremendous. Make sure your facility doesn't fall victim to these circumstances.