The field of healthcare is a mixed bag. With the primary care field dominated in most places exclusively by allopathic doctors, the focus on care continues to be symptom suppression or problem excision (usually by cutting). Prevention is spotty at best and controversial at worst.
This mentality extends into the field of cybersecurity. And while that may not seem immediately relevant, you might be surprised to learn just how detrimental careless handling of private medical records can be to patients.
On the other end of the spectrum, those in the field of CAM (Complementary and Alternative Medicine) tend to work in smaller spaces with less staff and less expensive equipment. While their treatments may be more holistic, they face the same risks as conventional medical providers.
But what is it about cybersecurity that’s so important to the healthcare industry? See for yourself.
1. Everything is Digital
Since the turn of the century, nearly all day-to-day operations have transitioned to a more digital format. Doctors’ offices use computers at check-in, for performing diagnostics, and for managing patient files. Just like at home, the use of computers saves space over just having stacks of files every which way.
You’ve no doubt seen the benefits yourself; some offices have you fill out forms online before even reaching the office. Phlebotomists that work for third-party blood-drawing companies (Quest Diagnostics, for example) even allow you to order your own blood work online through services such as Request a Test.
All of this information being sent and stored needs to be safeguarded. In the same way you wouldn’t want someone opening your letters before delivering them, you don’t want third parties reading your forms or learning about your conditions.
2. Patient Information is Privileged
This brings us to our next point. Under the law, your medical information is privileged and private. No one, excepting your doctor and anyone else you give permission, has a right to look at your records. Naturally, you can choose to waive that right and may even do so willingly out of convenience at times, but you would typically want to do so selectively.
When offices don’t take cybersecurity seriously, they’re taking away your choice. While most of your health records might seem at worst a tad embarrassing, the information contained inside could be used against you in a variety of ways. Chronic illnesses come with a huge stigma, particularly when it comes to employment.
3. Personal Devices Present New Risks
Though most of us love our phones and tablets, they actually present one of the greatest risks to the security of healthcare establishments. Many businesses have started to implement a BYOD (bring your own device) policy to save money. Even those that don’t still typically allow employees to use their own devices while at work.
What they don’t realize is that by accessing a shared network, these devices endanger patient information. Patients visiting are no different; offices with open WiFi networks put everyone at risk. The only real protection against such threats comes in the form of what’s called a Virtual Private Network, a service that helps encrypt data sent over shared connections.
You can utilize one of these yourself to minimize the risk you face when accessing public networks. You might just have to, since network admins and businesses likely won’t protect you too much.
4. Data Theft is On the Rise
Because of the minuscule protections put in place by most businesses, data theft is through the roof. Some of it takes the form of old-school malware; cyber criminals send a virus to someone on the network and once they open the file, it’s all over.
But most of this kind of theft is happening thanks to social engineering, often in the form of a scam. The best-known type is the phishing scam, where a hacker sends a message to someone with access to private files on the network. The hacker fools the recipient into handing over private information such as login information, or convinces them to visit a bogus website to much the same effect.
You can make a big difference in this area. Many doctors don’t have the most intimate understanding of modern technology; even if you aren’t a tech person, you’re probably more familiar with scams than they are. Share the information you know and help educate those that are unfamiliar with suspicious digital activity.
Keep a special eye out for very “old-fashioned” doctors. Some of them are experts at what they do, be it medicine, chiropractic or even Chinese medicine—but they may not know how to do much more than send email on a computer. You might really be able to help them learn a thing or two.
5. Small Doesn’t Mean Safe
Many successful practices fall solidly into what would be considered “small businesses.” They have only limited staff and they see only a select number of clients. Their medical records aren’t exactly a library—so they don’t make a very attractive target, right?
The opposite is true. Criminals are aware that small businesses tend to be lax on security, rarely employing a tech person full time and almost never utilizing security features beyond the standard security software.
One thing you can encourage an office to do is to store your records offline. Computers not connected to the internet are safe from hackers because there’s no way to really take anything off the computer. It’s certainly less convenient having a separate computer offline, but the security trade-off is considerable.
As you can see, there is no shortage of risk when it comes to data theft in the healthcare industry. Your medical files contain the kind of information that thieves covet—things like social security numbers, birth dates, addresses, insurance information and in some cases credit card information.
Making sure the healthcare industry safeguards this data is paramount. Unfortunately, they aren’t moving fast enough; each year, the number of medical data breaches continues to grow. The costs are being passed down to you and, frankly, it’s time to make a change.
So when the opportunity presents itself, speak up. Ask your provider how they’re keeping your records safe. Make sure they understand what’s at stake if they don’t do their job right, because their getting sued or losing their license won’t suddenly undo the damage you suffer.
Will you do your part in holding healthcare providers responsible for cybersecurity?