The protection of health records must be given utmost importance. Medical professionals rely heavily on access to health records when providing medical care, but when security is breached, problems arise. Aside from potentially exposing the data to the public, sensitive information may also be used to target specific persons. This was seen in the case of Russian hackers stealing the health information of Olympians and other top-level athletes in 2016, which led to mental health records being leaked to the public.
When patients become aware that their health records have been made public, the negative effects are significant. Private hospitals may experience financial loss, primarily due to attempts to resolve the situation. Time will also be spent on recovering the data and strengthening the system instead of on providing medical support. However, the most important thing to consider is that a data leak can lead to the loss of patients’ trust in the general healthcare system.
An old adage still rings true in this situation: prevention is always better than the cure. Though various solutions may address the problem, it’s always better to strengthen data security. Two things should be considered. The first is to take note of a system’s weak points. How is the data stored? Who has access to the data? Applying top-notch tools and technologies is always a good idea. The advice given by programmers is to think like a hacker in order to spot possible points of entry. The second is to back up all the data so that if the system does get breached, important information can be immediately recovered.
What is usually the weakest point in a system? When talking about data leaks and security breaches, the weakest point is usually not found in a computer program. The weakest point, usually, is the user. Humans easily fall prey to malicious intent, thus granting hackers access to health records.
Hackers use two strategies.
- The first is through phishing, wherein a hacker will lure health professionals to provide sensitive information, such as usernames and passwords. Phishing usually comes in the form of emails, and there are unsuspecting employees who fall for the fake messages, hook, line, and sinker.
- The second way that hackers penetrate data systems is through malware. As with phishing, unsuspecting medical personnel may receive a seemingly harmless message. These messages may contain attachments or links that, when opened, grant the hacker access to change a computer system.
Therefore, the best way to avoid both phishing and malware is to train healthcare employees to spot these messages immediately, so that there will be no breaches in data security.
What should be done when a hacker attempts to steal health records?
The first thing to do is to call law enforcement. Cybercrime should always be taken seriously, especially when sensitive information is involved.
The second thing to do is to notify the patients immediately. The Health Insurance Portability and Accountability Act, more commonly known as the “HIPAA rule,” was passed in the US to protect patients’ privacy. Hacking is a direct violation of HIPAA and should be considered an emergency.
Some hackers would be willing to arrange to give back the data in exchange for money. Paying this “ransom” should be the last resort and should only be done after consulting with law enforcement. However, paying never gives assurance that the hackers will keep their end of the bargain.
The best thing is to exhaust all possible means to prevent a data breach. Institutions that provide healthcare must ensure that systems are secure and that all weak points are covered, especially if the weak points are related to human error. Therefore, aside from investing in the best software and hardware, providing adequate training for all personnel is important.
One resource for assistance
In health and in hacking, prevention is always better than the cure. If you would like to know how you can secure your data the best way possible, visit https://www.benco.com/technology-and-equipment/dental-it-services/ and contact your Friendly Benco Rep today.
Becker’s Healthcare. (2016, September 13). World Anti-Doping Agency: Hackers leaked Simone Biles’, Serena Williams’ medical records. Becker’s Hospital Review. https://www.beckershospitalreview.com/healthcare-information-technology/world-anti-doping-agency-hackers-leaked-simone-biles-serena-williams-medical-records.html
Centers for Disease Control and Prevention. (2018). Health Insurance Portability and Accountability Act of 1996 (HIPAA). CDC. https://www.cdc.gov/phlp/publications/topic/hipaa.html