Why Hackers Target Medical Patients

Why Hackers Target Medical Patients

Wouldn’t it be nice if we could go a full year without a breach in security throughout the medical industry? 

We all know that’s not possible.

In 2018, phishing attacks in Minnesota compromised 21,000 records, 75,000 records were breached in a federal ACA portal, 3 hospitals were fined $1 million for HIPAA violations - and it doesn’t stop there. 

Protected Health Information (PHI) is targeted for a wide variety of reasons. One of the biggest is that it’s easy to steal. While most people are careful with their credit card information, not as much highlight has been given to protecting your medical information. So EHRs are passed along with little to no thought. And in most cases, personal, medical, even financial information goes along with it. 

That’s where the biggest vulnerability lies. When EHRs are created, they are meant to follow a person throughout their lives. It transfers as a person visits one doctor, then another. They exist, growing, building, as a person ages and lives.

Healthcare is becoming dependent on these records; it’s mandated that they build and secure them. But as an individual, flexibility is also of concern. A patient may want access for a variety of reasons, from checking lab results, to making appointments, to using it for billing and payment options. But medical staff also want flexibility. They want to share it with colleagues for learning experiences or for second opinions. Everyone on staff may need access, from making notes to closing out billing. And with every interaction, it opens up potential threats. 

Most practices consider themselves small; smaller than other practices around them, smaller than the large hospital down the road. Why would a hacker target you when there are other, more substantial opportunities available? 

That’s your weakness. 

Most practices don’t budget enough for security measures because they assume they are too small. You’re what’s considered “low hanging fruit.” You’re what criminals love. Why go after bigger when they have better security? Why go big when risk is less with small? Several smaller hits all in a row can still be quite lucrative. 

There is no “one size fits all” approach to cyber security, the most important aspect is developing a plan. Something is better than nothing. And the more steps you take, the stronger your security becomes. 

As we approach the new year, what steps are you taking to ensure your name isn’t on the security breach list for 2019? 

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.