Healthcare Data under Attack

Crooks want your health information. Why?

It’s called medical identity theft, and it’s not going away too soon. In fact, the ACA (Affordable Care Act) has only fueled the situation, says the Ponemon Institute, a security research firm.

This latest of Ponemon’s four annual Patient Privacy and Data Security studies reveals that sloppy behavior, like losing a laptop that has unencrypted data, is a primary cause of data breaches.

A crook would love this information because, “in the world of black market information, a medical record is considered more valuable than everything else," says Larry Ponemon, the Institute’s founder.

The study was sponsored by ID Experts, and its founder, Rick Kam, says that the “black market is being flooded with payment card data.” Health care data includes a Social Security number and personal health record—data that sticks around for a long time, versus a credit card number.

Breaches can also result from unsecured mobile devices, employee negligence and third-party contractors who can get their hands on the data.

But by and large, says Ponemon, health care employees are good people who sometimes just “do stupid things.” And the rushed nature of their jobs can compromise attention to security.

One hospital visit can net six to 10 companies having access to your data, says Kam. This includes the ambulance company, hospital, extraneous labs and the health insurance company.

If someone snatches your medical records, you’ll be in a major jam. For instance, the thief who claims to be you can get medical treatment for an STD—and that will go on your record. Worse, the thief may have a different blood type. What if you’re in an accident and need blood transfusions, and you end up getting the wrong blood type?

The proliferation of mobile devices makes it even easier for criminals to steal data.

The study showed that 88 percent of medical facilities permit employees to access patient data via their own mobiles (and what percentage of these employees do you really believe have encryption and other security measures in place?).