
Health Care Still Struggling with Email Security

The health care sector has come under fire of late due to an increased prevalence of data breaches, privacy failures and more, and many of the more damaging events have actually been the result of relatively simple mistakes. Although the retail sector would appear to be the most at risk of massive information exposure, given the record-breaking disasters that have taken place in the past few years, experts often argue that the health care industry is further behind the proverbial eight ball.
It is not all that surprising that the medical sector is experiencing such significant challenges when working to protect sensitive patient information, as so many new trends in both regulatory compliance and health care IT have begun to intensify in the past few years. Medical firms are expected to at once deploy and embrace cutting-edge technologies such as mobility, telemedicine, electronic health record systems and the like, while still maintaining tight control of all information in storage and motion.


Suffice it to say that this has been no easy task, and many data breaches have struck the industry in the past few years, with patient data stolen, the reputations of major medical firms damaged and the integrity of care threatened by the increased prevalence of fraudulently manipulated EHRs. Now, while there is some slack to be had for highly advanced solutions and technologies that are just breaking into the market, there is no excuse for failure to keep traditional mediums of communication and information sharing secure.
In a wealth of data breaches that occurred in this industry throughout the past several years, the source of the problem traced back to emails that contained sensitive information but were not encrypted or otherwise properly protected. Whether the information was in an attachment or right in the body of the email, something went wrong and led to the exposure of patient records, as well as data related to staff members of the firm. In short, something needs to give.


Case in point

The St. Vincent Medical Group recently released a statement regarding a major email-based data breach that struck its systems, affirming the root cause was a phishing attack that one or more employees fell for. Phishing is one of the oldest tricks in the book, yet it is still commonly used among hackers because of how effective it remains. The worst part is that simple email security solutions and training for employees can completely eradicate this threat.


In the statement, the group did mention that it had detected the issue almost immediately after the phishing incident occurred on December 3, 2014, and shut down the affected account. Because of the quick identification of the issue and swift action, it appeared as though this particular health care provider contained the damage well, believing that only one user account was compromised rather than several.


Phishing attacks can spread quickly and, as is the case with any type of affront to digital security today, immediate identification and action are needed to avoid more problems down the road. In the end, the group affirmed that it had been investigating the attack to make sure no stone was left unturned, and completed the investigation on March 12 of this year, finding that roughly 760 patients' records were compromised.


Luckily, the group also believes that individual medical and billing records were not exposed in the event - only Social Security numbers, limited clinical information, dates of birth, phone numbers, demographic information and account numbers. These types of data can still be used to perpetrate fraud and identity theft.


Get better

Medical firms have an increased responsibility when it comes to protecting data and systems, as patient information is among the most sensitive out there. For example, whereas the data handled by financial services firms will tend to be solely related to bank accounts, patient records can include that very same set of files, in addition to medical histories and a wealth of other documents that can be dangerous if they fall into the wrong hands.


What's more, in extreme cases, medical fraud can end up compromising the integrity of a given patient's history, which might lead a physician to make the wrong decision at the point of care. It should be pretty clear at this point why privacy and security must be the highest priority in this sector, and email systems are an exceptional place to start the fortification process.


Because email is so commonly used to share information and deliver patient records, medical firms should consider investing in encryption tools to protect these communications. Secure and HIPAA-compliant email encryption services are available to defend the integrity of firms and their data.

 

David Bailey is Senior Vice President at Protected Trust. 

Protected Trust is a sponsor of the Print4Pay Hotel. I urge members and readers to visit their site to see their full line of products and services. More and more, we need to provide well-rounded strategic solutions for our customers. Protected Trust offers some unique solutions that can help us in our day-to-day efforts. Check them out here.
