
Health Care Email Security Still Needs Improving

Despite the fact that so many data breaches have impacted the health care sector in the past few years, and a high percentage of them have been traced back to poor email security, it does not seem as though industry players are really rising to the challenge. This is disheartening to say the least, as patient information is often viewed as one of a kind when it comes to sensitivity and the dangers associated with it falling into the wrong hands.

Keep in mind that patient data not only often includes at least some personally identifiable information that could be used for identity theft, but its exposure can also lead to medical fraud that undermines the accuracy of records and history. This means that a fraudulent event involving a patient's records could complicate decisions and performance at the point of care, thus posing an actual life-or-death risk in more extreme situations.

Regardless, medical firms have had to comply with the statutes under HIPAA for nearly two decades now, and there is really no excuse for failing to implement reasonable, compliant and effective controls to protect patient data. With email among the most popular mediums for sharing information, encryption and other security deployments need to be completed as soon as possible to avoid another headache.

A powerhouse hindered
The Associated Press recently reported that Boston-based Partners HealthCare, one of the bigger providers in the nation, believes that roughly 3,300 of its customers might have been impacted by a breach that was traced back to a phishing email scam. It is worth noting here that while phishing attacks are among the simplest to defend against - all it takes is making employees aware of the threat and implementing controls to act as a second level of protection - they are also still a highly popular and effective means of perpetrating data theft.

According to the news provider, Social Security numbers, patient, insurance and clinical information, dates of birth, addresses and names were included in some of the compromised emails. Virtually all of this data - especially when viewed in tandem - can be used in identity theft and fraud schemes.

In a separate article from CSO Magazine that analyzed the event, analysts spoke about how patient records are far more valuable on the black market than those that only contain raw financial information, which is one of the reasons why hackers and other nefarious beings are so focused on this particular industry. Furthermore, in what has become somewhat of a major theme, the source noted that it appears as though this breach originated in November, meaning Partners needed six months to complete its analysis and notification of the event.

An even bigger mess
Another major trend in health care security is that once one major breach is brought to light, an even more devastating report tends to follow relatively quickly. FierceHealthIT recently reported that the Seton Healthcare Family notified 39,000 of its patients after a phishing attack compromised the customers' data and privacy. Similar types of information, such as Social Security numbers, were exposed in this breach, which further proves that these highly traditional and easily mitigated attacks are putting the entire industry at risk.

The time is now to begin beefing up protections within the health care industry, especially for data storage and communications frameworks. By leveraging simple tools such as email encryption, alongside secure cloud and enhanced employee awareness programs, popular attack methods can often be sidestepped.

 

 
