Recently a Ukranian hacking group called “Pravyy Sector” managed to hack into the server of the Central Ohio Urology Group, which includes twenty-four clinics and posted online literally hundreds of thousands of files that included massive amounts of personal information that could be exploited for identity theft and other illegal purposes. While you may not be a patient of Central Ohio Urology Group and therefore may not consider this to be a serious matter, but it is very serious because it is just another example of the pervasive lack of security in the health care industry.
As I warned everyone in my USA Today column in which I made my cyberpredictions for 2015, the health care industry is tremendously vulnerable to data breaches and we can expect these data breaches to continue. Here is a link to that column. http://www.usatoday.com/story/money/personalfinance/2014/12/20/cyber-hack-data-breach/20601043/
An audit of health care companies and insurers showed that more than 81% of these companies have suffered a data breach in the last two years alone and that number only relates to the data breaches that have been discovered. There may have been more that remain undiscovered. The health care industry is the perfect storm for data breaches. It is a highly digitized industry that has massive amounts of personal information that it shares with numerous offices and institutions and yet has not, in many instances instituted the necessary security precautions to protect the information stored.
The potential consequences of medical company data breaches can be tremendous to affected individuals. The medical records of an identity thief accessing your medical insurance can become intermingled with your medical records such that you can mistakenly receive improper treatment, such as a potentially deadly blood transfusion of the wrong blood type. Other information such as your Social Security number which may be stored by a health care provider can be stolen and used for purposes of more traditional identity theft. Finally, the vulnerability of the computer systems of health care providers has made them prime targets for successful ransomware attacks.
The health care industry has got to recognize that it is a prime target of hackers and identity thieves. Encryption of all data should be the rule and not the exception for health care providers. Authorization authentication to access records from both on-site and particularly off-site should be enhanced. As for us as the patients, we should limit the amount of personal information given to health care providers if they do not have a need for it. Health care providers do not need our Social Security numbers. Don’t give it to them. We also should demand that they institute better data security measures.