Medical records more lucrative for hackers
Properly securing data is a challenge faced by all modern businesses but is a particular concern for medical information. One of the biggest targets of data security breaches is not financial data or consumer retail information but electronic health records. One out of three health records was estimated to be compromised in 2016, and this type of information was nine times more likely to be breached than financial records according to Forbes.
Personal health information (PHI) can consist of multiple forms and types of sensitive medical information, from patient health records to family history and more. As more information is shared and stored digitally between doctor’s offices, hospitals, insurance companies and other organizations, properly storing and securing confidential information is more important than ever before.
Hackers target PHI for several reasons: It may be used to acquire pharmaceuticals, to commit insurance fraud or to sell on the black market. In fact, selling a single user’s personal health information may earn up to $60 or $70, and a single data breach can gather thousands of records. Compared to selling a social security number for less than a dollar, it can be much more lucrative to steal medical records.
The threat of a data breach is a very real possibility that may result in severe financial and legal consequences for a firm that has been hacked. There is a strong ethical dilemma where breached data may slow delivery of critical health care to patients in need. HealthcareITNews warns that medical identity theft could result from something as simple as a patient mis-identification, which is surprisingly common for patients with identical first name, last name and birthdates.
Identity management solutions
To protect against the nearly $30 billion annual health care losses resulting from medical identity theft, organizations must be proactive in their approach to securing customer data. For many businesses, legacy software systems and outdated technological platforms simply do not provide a proper security layer and level of comfort. In other cases, data security can become too complicated and cause business inefficiencies such as requiring business users to input multiple passwords and user IDs.
Identity management is quickly becoming an emerging trend in electronic health record security. Identropy explains this concept in simple terms, meaning that the data security paradigm has shifted to focusing on asking “what do we need to know about you” rather than “who are you?” In other words, adding an additional layer of security can be accomplished not by hiding or encrypting sensitive patient data but by actually trying to take as much personally identifiable information out of the process as possible.
Of course, this process of managing identity records does still involve creating and maintaining unique keys to tie records together. Leading processes today emphasize not just identity management but access management to control the flow of data. Boardroom Events has partnered with several service providers that offer these solutions, such as the IBM MaaS360 for mobile access management and Duo Security for securing remote access points. These leading and emerging services meet the needs of organizations across the industry to prevent the next big headline data breach.
Subscribe to our monthly newsletter for the latest news and insights for senior IT leaders.
- Best Practices
- Business Process Optimization
- Data Analytics
- Data Management
- From the Trenches
- Info-Tech Research
- IT Service Management
- Press Releases
- Regional Roundtables
- Top Solution Providers
- Vendor Management
- Virtual Roundtables
- Workforce Management