Cybersecurity finally becoming healthcare priority
When it comes to investing in IT and data security, the healthcare field has been known to lag behind other business sectors. That underspending, coupled with the massive shift from paper to digital records in recent years, has put the industry in some crosshairs.
Protected healthcare information (PHI) is being targeted for theft because in many cases it is easier to steal than credit card data or financial records, for example, and healthcare records are much more valuable as well.
“Electronic health records (EHRs) include the personal, family, and billing information of their patients,” explains Dylan Sachs, director of identity theft services at BrandProtect, a company focused on detecting, analyzing and mitigating online incidents and cyber attacks. “They are virtually complete personal identity portfolios.”
On the black market, stolen health records command the highest premium, he adds, because the contents of EHRs provide cyber criminals with everything needed to wreak financial havoc by applying for credit cards or mortgages in another person’s name or even submitting tax returns.
Because protecting patients’ information is one of those thankless tasks that doesn’t directly impact patient care or payment for healthcare services, it can be easy to ignore, points out Steve Spearman, HCISPP, vice president of HIPAA compliance services at Healthicity, which provides auditing, compliance and analytics services for healthcare organizations.
Further reading: Top 7 reasons physicians should consider telemedicine
But with the growing number of breaches and hacking attacks plaguing the industry, practices that ignore this ongoing threat do so at their own peril.