The medical industry has suffered more security breaches than banks and the military combined, reports CNN, 90% of Hospitals and Clinics Lose Their Patients’ Data.
Just this year alone, 2.1 million patients’ medical records were stolen. That doesn’t include the major hacking into Community Health System’s computer network where 4.5 million of its stored social security numbers, names, addresses, and birth dates were lifted.
Community Health Systems operates 206 hospitals across the United States. Anyone who received treatment from a physician’s office tied to a network-owned hospital in the last five years has been affected.
This is not good news, that’s for sure. And it doesn’t look like it’s getting better any time soon. Hackers are becoming more sophisticated and they stand to gain a lot from hacking into your personal medical information. They make plenty of money by stealing medical records with social security numbers to commit identity fraud, open bank accounts, new credit cards, take out loans and ruin personal credit histories. Not to mention fraudulently billing health insurance companies, including Medicare, and harvesting prescription medications that can be sold for profit on the street.
Hackers are stealing patients’ medical records and private information from hospitals, universities, private clinics, health care organizations and health departments.
How does this happen?
62 percent of health care organizations are moving patients’ electronic medical records to cloud storage without proper security in place. Open WiFi is also a problem. Health care providers use WiFi networks to allow staff to share patient information more easily and these WiFi networks are not secure as they should be, according to a Huffington Post article, Why Your Medical Records Are No Longer Safe.
The 4th Annual Benchmark study done by the Ponemon Institute reports that 90 percent of health care organizations had at least one data breach within the last two years. Billing and health insurance records are the most common type of patient data that is stolen.
Kind of makes you think about your health insurance company and what is happening behind the scenes with your medical information, doesn’t it? How about medical billing practices from doctors’ offices, hospitals and medical clinics?
But there’s more.
The most common culprits for these data breaches are cloud storage for patient electronic medical records, patient data stored on unsecure databases, and patient registration on unsecure sites. Health organization employee negligence is considered one of the biggest security threats, according to the study, along with doctors and hospitals that do not encrypt patient data.
You’d think HIPAA laws would protect our medical information, especially with the onset of electronic medical records. HIPAA does not demand that hospitals and physicians use encryption.
Why the heck not?
According to Semel Consulting’s article, HIPAA Doesn’t Require Data Encryption, it has been suggested that data encryption be a requirement for health care organizations but the medical industry has refused, claiming that it would be an unfair financial burden.
That leaves millions of patients’ private medical information/medical records vulnerable to potential hackers. Our medical records include our social security numbers, home address, and other personal information.
I don’t know about you, but I would like my medical records and personal information to be encrypted if they are stored on cloud. And that’s at the very least.
Tips to help avoid getting hacked
1. Avoid storing your own medical records or medical information on a cloud-based platform unless you are certain of the security. I still wouldn’t do it, not yet anyway. I keep hard copies of my medical records in files so I can withdraw a piece of information when I need it.
2. Avoid using health/medical apps that share your information. Read the fine print before you consider downloading an app to your smartphone or other digital device.
3. Keep your list of medications, emergency and physician contact information in a place that is easily accessible. Consider placing the information on a Medical ID card and slip it into the slot next to your driver’s license in your wallet. I have a free, no obligation, Medical ID card on my website that you can print out. See here.
4. You can also scan your pertinent records and keep them in a secure file on your digital device, with no connection to the internet. Consider creating a passcode in case you lose your device.
5. Each time a medical provider asks for your social security number, ask if it is necessary to provide it and if so, ask if the last four digits will suffice.
6. Ask your health insurer for a copy of your medical records (EOBs.)
7. Review your medical bills closely.
8. Visit the U.S. Department of Health & Human Services health information privacy site to view major security breaches.
This CNN Money article, Simple Tips to Avoid Getting Hacked, offers a number of good tips to protect your privacy and online security.