Why be worried about medical identity theft?

According to data released by the Identity Theft Resource Center (ITRC), around 35 percent of the data breaches reported during 2015 (as of December 1, 2015) were from the medical/healthcare industry. Total breaches stood at 717, of which the medical/healthcare industry accounted for 248. What is worrying is that almost 68 percent of the total records compromised were medical data: a whopping 120,077,576 medical records out of the 176,275,271 records compromised during the period.

Obamacare has encouraged the passing of health data, which relies heavily on patient information, through electronic media. This has subsequently opened a channel for cybercriminals to steal unprotected sensitive data from various health/medical channels, including hospitals or insurers.

Electronic medical records thefts and data breaches are a reality in today's healthcare industry.

How is medical identity theft denting the industry?

The impact of medical identity theft on healthcare providers is considerable, both in terms of loss of revenue and reputation. In most cases, medical data theft may lead to personal financial loss for patients, and if providers are unable to safeguard such information, patients may switch providers, leading to revenue losses and denting the reputation of the organization. Customer loyalty suffers as well.

Also, calculating the cost of a HIPAA data breach is not a single-step process. A healthcare organization incurs exponential costs for notifying patients about data breaches, while damage mitigation can push the cost up further. Failure to undertake adequate security and privacy measures for protecting medical records is also leading to financial penalties being imposed on healthcare organizations.

Unsecured medical data has even left healthcare giants susceptible to data theft. Over the last year, healthcare organizations such as Anthem, Inc., Premera Blue Cross, Excellus Blue Cross Blue Shield / Lifetime Healthcare, and UCLA Health have reported breaches putting the personal records of nearly 113,100,000 members at risk.

Such breaches translate into government fines, class action lawsuits, and loss of patients. Healthcare organizations face a penalty from HHS of up to USD 1.5 million for such violations, while the Federal Trade Commission may impose a fine of around USD 16,000 per violation. In addition, if there are lawsuits, healthcare providers may end up paying damages for fraud, invasion of privacy, negligence, violation of medical confidentiality, breach of contract, unjust enrichment, and unlawful business practices.

Why should you worry about medical identity theft?

To ensure cyber security, the Health Insurance Portability and Accountability Act (HIPAA) mandates that all healthcare providers observe physical, network, and process security. Further, under the Health Information Technology for Economic and Clinical Health (HITECH) Act, all organizations in the healthcare domain are required to communicate with individuals if 500 or fewer records are compromised. If more than 500 medical records have been compromised, the media and the ‘Secretary of Breaches’ have to be notified under the Breach Notification Rule.

With electronic medical records, data breaches are an accompanying reality. While eliminating the risks might not be feasible, they can certainly be mitigated through secure systems.

This might be a strong caution for chief executives managing organizations that deal with medical records. It might be one of the focus areas for CEOs in setting the agenda and prioritizing IT security as part of the core business activity. IT security breaches might result in large financial losses. In addition, loss of credibility might have a huge impact on business performance, together with declining client trust.

What should you do?

In a scenario where massive and highly publicized attacks have been conducted on big healthcare providers, IT security has become a critical issue for company CEOs and commands the same weight as the financial performance of an organization. At present, the two, finance and security, have become closely aligned.

Healthcare organizations have been focusing their spending on software for detecting and mitigating fraud, according to the survey conducted by the Medical Identity Fraud Alliance.

Healthcare providers have to be responsible for protecting confidential information, which includes the medical records of patients. They need to be careful to select an electronic medical records management team that is HIPAA compliant. This gives organizations considerable relief from data breaches and reduces the risk for patients.

With Avancer’s Advisory Services and a range of solutions, healthcare organizations can safeguard themselves by complying with regulatory requirements. These include measures to address cyber-attacks, employee breaches, and inadequate firewalls, along with safely sharing data with third parties and accessing data through wireless computing, among others.
