BreachExchange mailing list archives
How To Protect Your Health Data From Thievery
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 7 Feb 2014 12:55:11 -0700
http://www.forbes.com/sites/johnwasik/2014/02/07/how-to-protect-your-health-data-from-thievery/ Quick quiz: What's more vulnerable to theft? Credit/debit cards or health records? Despite the recent news about Target and Neiman-Marcus, if you answered "health records," you'd be correct. Health data is far more valuable to cyberthieves because it often contains vital information such as Social Security and insurance policy numbers. According to a recent report from the Identity Theft Resource Center, there were 267 breaches of health databases last year covering some 5 million records. That compares to only 23 breaches of financial information covering less than a million records. The number of breaches in healthcare is up more than 300 percent since 2005. Will the introduction of electronic health records to the industry make data theft more or less prevalent? It's a mixed bag. While there's a clear opportunity to create more security, many of the newer systems are still being tested and may be vulnerable. Insurers and healthcare providers are still getting their act together on this dangerous issue. Here's what theWashington Post found: "As the health-care industry rushed onto the Internet in search of efficiencies and improved care in recent years, it has exposed a wide array of vulnerable hospital computers and medical devices to hacking. Security researchers warn that intruders could exploit known gaps to steal patients' records for use in identity theft schemes and even launch disruptive attacks that could shut down critical hospital systems." Keep in mind, as with all other forms of identity theft, there's a 24/7 global effort to hack systems to steal this information. You think the mafia was bad? This group of thieves can operate from anywhere with internet access and they don't need to belong to an organization. How to Protect Yourself * Be stingy with information. Only provide health policy, Social Security and driver's license numbers to healthcare providers, preferably in person and on paper forms. I know this sounds archaic, but it makes the information harder to steal. Don't give out a Social Security number unless you absolutely have to -- and only to someone you know. * Never give this information over the phone to someone you don't know. Many scams will claim to be calling from "Medicare" or some other agency. They are swindlers. Always verify that the person you're dealing with is legitimate. Have them send you something in writing. Verify that they are who they say they are. Ask to call them back or ask for a supervisor. * Check your credit record on a regular basis. You may see sudden dips in your credit rating if your personal information has been stolen. You're entitled to one free credit report a year. You can also call (877) 322-8228. * Carefully vet all bills. I check my credit-card and medical bills line by line every month. If something mysterious shows up, I check it out and call my credit card or insurance company immediately. Since I've been the victim of identity theft -- twice -- I also pay attention to any alerts my credit-card company sends me. I don't confuse these calls with solicitations. * Don't share too much on social media. I have friends on facebook who share nearly every detail of their medical condition. For identity thieves, this can be a tip sheet. They know when you're in the hospital and can start "phishing" for information.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- How To Protect Your Health Data From Thievery Audrey McNeil (Feb 14)