Medical identity theft is a serious concern in the present digital world where there is a higher risk of sensitive data being compromised. Medical data entry must be performed with maximum security for the information being handled. Healthcare providers including hospitals, clinics and other organizations using data entry outsourcing services need to ensure that they are partnering with a company of good repute. Any breach of health information can have serious economic and other consequences for providers as well.
Increasing Incidence of Criminal Attacks
According to the Ponemon Institute, criminal attacks in the healthcare sector have increased by 125% since the year 2010. The likelihood for such attacks to occur in the healthcare industry is greater than in any other sector in the economy. In the year 2015, more than 100 million healthcare records were compromised. Bloomberg Business points out that in the past five years, criminal acts against healthcare industry have increased more than two times, amounting to $6 billion per year in costs.
Medical records are the main target of cybercriminals because they contain patients’ social security numbers, home addresses, phone numbers, emergency contacts, email addresses, health insurance information, medical history and credit card payment details. Hackers earn a good deal of profit by using stolen healthcare data and sell them in the black market for uses including Medicare fraud, foreign intelligence, identity theft and other financial purposes. According to cybersecurity TrapX, hackers hold healthcare data hostage until the money is paid through what is called ransomware that put patients’ lives on the line. Therefore hospitals have to prevent threats from ransomware attacks as it can damage the credibility of the hospital among the patients.
Hospital Systems Targeted
Cybersecurity is defined as the body of technologies, processes and practices designed to protect networks, computers, program and data from attack, damages or unauthorized access, internal threats etc. Healthcare data has become a growing target because medical records contain most of the data that hackers want making them ideal for one stop stealing. The healthcare industry has a firm responsibility to defend the security of its clients’ data. Therefore it is important for CIOs and hospital administrative staffs to understand the importance of cybersecurity and maintain the confidentiality of patient data and control of hospital systems.
It was in February 2016 that hackers attacked Hollywood Presbyterian Medical Center in Los Angeles. The medical center agreed to pay the demanded ransom of 40 bitcoins worth about $17,000. The hospital was locked out of its systems for a week and had to rely on pen and paper. Two more attacks followed a month later in California hospitals, Chino Valley Medical Centre in Chino and Desert Valley Hospital in Victorville both operated by Prime Healthcare Services. In March, the MedStar hospital chain based in Columbia, Md was hit and it took days to recover its systems. However, this group was able to recover the systems without paying ransom.
In 2016, according to a joint report by Protenus Inc. and DataBreaches.net, there was an average of at least one health data breach per day affecting a total of more than 27 million patient records. In January 2017, Protenus identified 31 health data breaches that affected 388,307 patients.
Data Breaches Are Very Costly
Healthcare data breaches are very costly. There will be costs related to trust, loyalty and brand value as well as expenses related to notifications, lawsuits and forensics as Protenus points out. Apart from monetary losses, compromised data security can also lead to another grave problem, namely poorer health outcomes.
The risk of data breach in healthcare organizations really exists. The Ponemon Institute’s research on the privacy and security of healthcare data shows that during the last 2 years, 65% of represented healthcare organizations experienced electronic-based security incidents and 54% experienced paper-based security incidents. The study found that healthcare organizations are not very confident about their ability to identify and respond to incidents and breaches. Though they do have policies and procedures in place to prevent or quickly detect unauthorized access, loss or theft of patient data, only 49% agree that they have sufficient technologies to effectively prevent or quickly detect breaches.
Reliable Risk Management Programs Vital
It is vital that healthcare organizations have risk management programs in place to handle security incidents and breaches. It will help build a culture of concern, determine potential exposure and manage risk appropriately. This concern for security should be foremost when partnering with external agencies such as data entry companies. Proper data security will in turn ensure better individual and community health outcomes, build patient trust and maintain the integrity of health records. Organizations should communicate with patients about the importance of cybersecurity so that any inadvertent disclosure on their side can be prevented. It is important to emphasize that the organization attaches top priority to security and confidentiality of healthcare information. All communications should take into account particular needs of the patient population. Reliable security measures and programs will help healthcare organizations protect themselves as well as their patients while also improving the quality of individual care and community health.