Are medical institutions protecting my personal information adequately?
This week, The Answer is Yes is highlighting how vulnerable medical institutions are when it comes to protecting patients' private and personal medical information, with some examples of breaches. Read on to see what you can do.
Recent events, as reported by trusted sources, have shown that personal medical records can easily be accessed and misused on the internet.
One report stated that there was a design flaw in software used in virtually all hospitals in the world. The flaw allows attackers to exploit the software and, once it is exploited, distribute their malicious code to access medical imaging information.
Another report identified criminals selling doctors' information on the dark web.
“A hacker compromises the corporate network of a healthcare provider to find administrative paperwork that would support a forged doctor’s identity,” states a report detailing the researchers’ findings.[1]
“The buyer [of the data] then poses as the stolen doctor’s identity and submits claims to Medicare or other medical insurance providers for high-end surgeries.”
“Beyond doctors’ identities, other data targeted included personal medical records and hacked health insurance company login information,” stated a representative from the company Carbon Black.
In the case of the hospital software, the user can be tricked into executing the malicious code through social engineering.[2]
My medical records are safe, aren’t they?
Simple Steps
A few simple steps can help mitigate some of the risks mentioned above, such as having decent security software installed. Online reviews can help you decide which products are the best to choose from.
Train staff to be more ‘Cyber Aware’ through online training. Online training is proven to be the most cost-effective and least time-consuming approach with the most benefits, as highlighted in an Australian report released last year.
Also, you cannot rely on technical solutions entirely; you need a hybrid approach to be more effective. Of course, there is no silver bullet, but you can make a difference. Staying secure and operationally resilient is not just the IT department's responsibility within the organisation, it's everyone's!
(Ask your doctor if the practice's staff have undergone cyber awareness training.)
Stay tuned for more tips this week.
[1] https://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-hackers-doctor-identities-medical-records-cyber-crime-a8943581.html
[2] Social engineering is the art of manipulating people so that they give up confidential information or do something that would cause a negative effect.