Healthcare’s Cybersecurity Conundrum
But these interconnected innovations are also opening the door to security risks if healthcare organizations fall behind in protecting data wherever it's stored or used. And recent data breaches have brought to light the fact that healthcare organizations are being increasingly targeted for their medical records and patients’ financial information. Medical records contain valuable personal information such as Social Security numbers, birth dates, medical histories, and billing information, making them an enticing target for hackers.
Part of the reason is because the market for stolen credit card numbers has become saturated. Reports show that credit card numbers are worth pennies whereas healthcare records are far more lucrative. Also, credit cards can be easily cancelled but you can’t just delete a medical record or get a new Social Security Number. The lifecycle of medical fraud is far longer and more pervasive.
This is why it’s critical for companies to have strong data security strategies in place. From a security perspective, being HIPAA compliant is only the beginning. HIPAA compliance provides only the bare minimum of data security; companies should take a layered approach to cybersecurity. Make it as difficult as possible to get the data by using various tactics like encryption, data segregation, removing patients’ social security numbers from reports, network segmentation, de-identification, and more.
And until more rigorous data protection measures are applied to healthcare organizations, as they are to financial services, retail, and other industries that have experience handling data breaches, more cyberattacks will occur in the healthcare industry. But instead of individual companies being targeted, we’re most likely going to see more system-based fraud.
It’s already happening in the tax sector. There have been cases where criminals are committing tax fraud by filing fraudulent state tax returns and loading the money on prepaid cards. It’s not difficult to imagine criminals doing something similar by filing health insurance claims on a massive scale or targeting medical data that’s connected through networks.
And there’s no easy solution for addressing these problems. Hospitals don’t want to impede the ability of patients and physicians to quickly access medical records as more innovations in the healthcare space are being developed. At the same time, it’s critical that healthcare organizations make cybersecurity a priority. We can expect to hear more discussions about regulating medical data and also see the emergence of devices and efforts meant to streamline data protection strategies.
The digitization of healthcare is changing the ways we interact with physicians and ushering in myriad other changes in the ways we receive care. But, unless those changes include added data protection and vigilance in preventing data breaches, these innovations will be rendered useless.
Like this? Subscribe to our blog here.
Also, check out the most recent issue of our e-newsletter.
Blog Post: Five Ways to Turbocharge a New Healthcare Contact Center
Blog Post: Ten Things to Ask Yourself About Healthcare Patient Experience Technology
White Paper: The New Arms Race in Healthcare: Competing for New Members