Despite looming security threats, health care still seems to be lagging behind in its digital defenses. With the number of data breaches that struck the industry in the past year, these security gaps raise obvious concerns, especially about their contribution to the possibility of identity theft.
How have data breaches affected health care?
According to the Healthcare Edition of the 2016 Vormetric Data Threat Report, 96 percent of participating IT security leaders in health care are preparing themselves for a cyberattack. The report also found that 63 percent had already experienced a data breach.
However, preventing data breaches is still not a top priority for health care IT departments, according to the survey. More health care security professionals are focused on meeting compliance standards, which they see as a sufficient effort in protecting data. However, other security experts disagree.
“Compliance is only a step towards health care IT security,” Garrett Bekker, senior analyst of information security at 451 Research told InfoSecurity magazine. “As we learned from data theft incidents at health care organizations that were reportedly HIPAA compliant, being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen.”
News of this study comes as the health care sector is experiencing rising ransomware threats. According to Healthcare IT News, PowerWare is the latest in a string of malware attacks targeting the health care industry.
Ben Johnson, chief security strategist at Carbon Black, told the website that hackers often victimize hospitals because they’re more likely to pay the ransom to free their files. Dealing with highly sensitive and important data, they can’t afford the time or the talent to unlock it on their own.
What differentiates PowerWare from other ransomware is that it’s deceptively subtle, mimicking the files and activities that already exist on the computer. Johnson said the appearance of PowerWare indicates a worrisome evolution with malware.
“Now they encrypt files,” he said. “But if they start seeing the actual data, they can use it in blackmail.”
Other types of data breach threats are also plaguing the health care sector, which has had notoriously bad luck with security. The past year was rife with health care data breaches, ranging from large insurers to small hospitals. Recently, Einstein, a Pennsylvania healthcare network, discovered a huge security hole when one of its website databases was left open to unauthorized users. According to a press release from Einstein, the database contained patient information. Since finding the issue, the network has assured patients that its database is now secure.
What steps can you take?
Medical identity theft is an insidious threat, and victims often struggle to reverse its damages. It doesn’t help that the issue is compounded by the frequency of health care data breaches, making it even harder to know when you could become a victim. That’s why taking personal steps to ensure your own security is essential. According to the Federal Trade Commission, the signs that indicate medical fraud include getting billed for treatment you didn’t receive, called for medical debt you don’t owe, notified of reaching your benefit limit or denied health insurance because of incorrect medical records.
To catch these indicators, obtain copies of your medical records to check for errors and pay close attention to any health insurance bills. To take your personal protection a step further, you can also invest in a monitoring service like Identity Guard to help detect and alert you to certain activity that may indicate fraud.