BreachExchange mailing list archives

How To Protect Your Health Data From Thievery


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 7 Feb 2014 12:55:11 -0700

http://www.forbes.com/sites/johnwasik/2014/02/07/how-to-protect-your-health-data-from-thievery/

Quick quiz: What's more vulnerable to theft? Credit/debit cards or health
records?

Despite the recent news about Target and Neiman-Marcus, if you answered
"health records," you'd be correct.  Health data is far more valuable to
cyberthieves because it often contains vital information such as Social
Security and insurance policy numbers.

According to a recent report from the Identity Theft Resource Center, there
were 267 breaches of health databases last year covering some 5 million
records. That compares to only 23 breaches of financial information
covering less than a million records. The number of breaches in healthcare
is up more than 300 percent since 2005.

Will the introduction of electronic health records to the industry make
data theft more or less prevalent? It's a mixed bag.

While there's a clear opportunity to create more security, many of the
newer systems are still being tested and may be vulnerable. Insurers and
healthcare providers are still getting their act together on this dangerous
issue. Here's what the Washington Post found:

"As the health-care industry rushed onto the Internet in search of
efficiencies and improved care in recent years, it has exposed a wide array
of vulnerable hospital computers and medical devices to hacking. Security
researchers warn that intruders could exploit known gaps to steal patients'
records for use in identity theft schemes and even launch disruptive
attacks that could shut down critical hospital systems."

Keep in mind, as with all other forms of identity theft, there's a 24/7
global effort to hack systems to steal this information. You think the
mafia was bad? This group of thieves can operate from anywhere with
internet access and they don't need to belong to an organization.


How to Protect Yourself

* Be stingy with information. Only provide health policy, Social Security
and driver's license numbers to healthcare providers, preferably in person
and on paper forms. I know this sounds archaic, but it makes the
information harder to steal. Don't give out a Social Security number unless
you absolutely have to -- and only to someone you know.

* Never give this information over the phone to someone you don't know.
Many scams will claim to be calling from "Medicare" or some other agency.
They are swindlers. Always verify that the person you're dealing with is
legitimate. Have them send you something in writing. Verify that they are
who they say they are. Ask to call them back or ask for a supervisor.

* Check your credit record on a regular basis. You may see sudden dips in
your credit rating if your personal information has been stolen. You're
entitled to one free credit report a year. You can also call (877) 322-8228.


* Carefully vet all bills. I check my credit-card and medical bills line by
line every month. If something mysterious shows up, I check it out and call
my credit card or insurance company immediately. Since I've been the victim
of identity theft -- twice -- I also pay attention to any alerts my
credit-card company sends me. I don't confuse these calls with
solicitations.

* Don't share too much on social media. I have friends on Facebook who
share nearly every detail of their medical condition. For identity thieves,
this can be a tip sheet. They know when you're in the hospital and can
start "phishing" for information.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/