Medical Records are Big Business for Cyber Criminals

May 15, 2022

We are all familiar with the Health Insurance Portability and Accountability Act (HIPAA) and the safeguards it requires to insure the privacy of health records. At the same time there is a strong demand from all involved, doctors, insurance companies and patients themselves, for easy access to those records. It is also important to consider that health records do include a wealth of information that can be monetized by criminals.

Medical Records are Big Business for Cyber Criminals

The majority of breaches of healthcare data involve targeting the personal information of individual patients. The data that is stolen and sold includes names, dates of birth, diagnosis information, insurance policy numbers, and billing information. This data can be used for anything from identity theft to purchases of drugs and medical equipment and insurance fraud.

Security experts say that many hospitals and health care providers make easy targets because they work on aging computer systems that are not secure against modern cyber attacks. But, one of the biggest problems lies in the open access to health records. Not that the information is available to just anyone, but those with access are sometimes careless, negligent or, at worst, criminal. IT security is not always a priority at medical practices. Usually everyone in a particular office has access to patient records, form the physician to the receptionist. It is important to trust your support staff and equally important that they have access to the information they need to do their jobs properly. But with more access come higher chances of patient information being left on a screen for others to see or a file or laptop sitting on a counter unattended.

Unfortunately, and most disheartening, many data breaches occur because of dishonest employees. Employees who steal data, like prescriptions or identities, to sell on their own or insiders paid by cyber criminals to provide direct access to networks are some of the most common healthcare cyber crimes committed today.

What Can You Do to Protect Patient Information?

The best prevention comes through education. It’s important to consider who has access to the data and who really should. One of the easiest and most effective steps to protect healthcare data is to restrict access to it. It may slow down your operation a bit if some employees cannot easily access patient records, but it may make sense to ask this question of each and every person in your organization: Does this person need unrestricted access to all patient records?

Training can be another answer. Many workers in the healthcare industry may not realize the importance and value of the information they are handling. It’s all in a day’s work. However, in most industries education about protecting data is commonplace. Employees need to understand the significance of what they have access to and the consequences of it falling into the wrong hands. Most know not to announce a patient’s diagnosis in the waiting room, but fewer would recognize the danger of walking away from a computer that has a patient’s information displayed on its screen.

ProMD can help you protect your patients’ private information by reviewing your current system and security protocols, assisting in implementing effective security features and training staff on secure practices. Contact us today to find out how you can make your data security air tight.

ProMD Practice Management is happy to help with your billing assessment needs so you can maximize profits and increase patient satisfaction. To learn more about how ProMD can make your practice run like a well-oiled machine, call 888-622-7498 or fill out our online form to request a billing assessment.

Back ↵