Electronic medical records have become a favorite target for cyberthieves. In 2017, healthcare organizations suffered 477 reported data breaches, compromising the records of 5.579 million patients, U.S. Department of Health and Human Services data shows. The first quarter of 2018 racked up another 110 data breaches, compromising another 1.13 million patient records, according to the Protenus Breach Barometer. Digital medical records are coveted by criminals because they sell for ten times more than credit cards on the black market, going for an average of $10 per record, says PhishLabs director of threat intelligence Don Jackson.
While many of these breaches have occurred through hacking of healthcare providers, healthcare consumers are also targets of cybercriminals seeking to obtain medical records. Here are three steps you can take to protect your electronic medical records from identity thieves.
Use Sound Cybersecurity Practices
While healthcare providers are required by law to follow HIPAA Privacy and Security Rules to protect your healthcare information, itâ€™s also essential for consumers to take steps to guard information they store on devices, send through email or share online, says the Office of the National Coordinator for Health Information Technology. Information you post on websites, such as questions about health conditions, is not protected by HIPAA, so be careful not to share anything in public that could compromise your identity. Hackers also use email phishing schemes to trick you into divulging sensitive information, so always verify the identity of email recipients before sending healthcare data. Be wary of unsolicited email requests for sensitive healthcare data, and donâ€™t click on links in suspicious emails.
Protecting data on your PC and mobile device is also essential for cybersecurity. Protect physical access to your devices by using a strong password or biometric authentication methods such as fingerprint scanning or facial recognition. Use a firewall and a secure connection such as a virtual private network when going online, and avoid using public Wi-Fi networks to send healthcare data. Keep your operating system and apps updated to the latest versions to incorporate the most recent security updates. Keep an antivirus app running to automatically detect malware and intrusion attempts.
Guard Your Physical Records
Cyberthieves can also target your electronic data by stealing physical records that provide clues they can use to obtain your digital information. A top target is your mail. To protect your mail, the U.S. Postal Inspection Service recommends picking up your mail from your box promptly after delivery rather than leaving it overnight. If you’re going to be gone on vacation, arrange for a neighbor to pick up your mail, or have the postal service temporarily hold your mail. Hand mail with sensitive information directly to your carrier or deposit it in post office mail slots rather than leaving it in your mailbox or putting it in delivery boxes, which thieves may break into.
Documents such as Social Security cards and birth certificates can also be targets for thieves. Donâ€™t carry this type of sensitive information in your wallet or purse. Instead, keep it locked in a secure location such as a safe or lockbox. Keep documents such as credit card bills in a secure location as well, and shred documents that are no longer needed rather than simply throwing them out, since thieves may rummage through your trash cans.
Have a Contingency Plan
While prevention is your best protection against medical identity theft, your identity may be compromised despite your best efforts, making it important to have a contingency plan in the event of a breach. One important step you can take is subscribing to an identity theft protection service. This will provide you with automated monitoring of your identity, giving you an early alert to suspicious use of your information so that you can respond proactively to stop misuse of your medical or financial data. Identity protection services can also assist you in working with law enforcement and financial institutions to stop thieves and recover your identity.
An increasingly common form of cyberattack is ransomware, which hijacks your computer or mobile device so that you canâ€™t access your data, and threatens to delete your data unless you pay a hostage fee. As a safeguard against this type of attack, make sure to back up any important healthcare data you have stored on your electronic devices. An external hard drive or cloud backup service can be used to schedule automated backups as a safeguard against ransomware attacks.
Cybercriminals are constantly on the hunt for your medical records, but you can take steps to make it harder for them to hack you. Following cybersecurity best practices and storing your physical records securely will make it more difficult for them to obtain your information. In the event they do breach your defenses, subscribing to an identity theft protection service and backing up your data will help you recover more quickly and minimize the damage thieves are able to do to your identity and finances.