The frequency with which healthcare breaches occur is cause for concern; it seems like every day there is news about another healthcare breach. Healthcare entities hold a wealth of information on patients, including names, addresses, Social Security numbers, treatment information, credit card information, and other sensitive information. Protected health information (PHI) is more valuable today than ever before. Hackers can use the information gained from a healthcare breach for identity theft or to craft phishing emails. Healthcare breaches, identity theft, and phishing emails are discussed below.
Healthcare Breaches and Identity Theft
Healthcare organizations need to collect PHI for medical treatment, insurance, billing, and research. Due to the amount of information collected by healthcare organizations, the risk of identity theft resulting from a healthcare breach is very real. This is why after experiencing a data breach, healthcare entities are required to offer affected patients free credit monitoring and identity theft protection.
After a breach, stolen information can be used to commit fraud, make purchases, apply for loans, or withdraw money. Depending on what information is stolen, someone could take over a breached patient’s identity. For example, if a hacker obtains a patient’s Social Security number and driver’s license, they now have the means to steal the person’s identity. They would know a patient’s address, date of birth, and what they look like, just from a driver’s license. The Social Security number would allow them to apply for credit cards and loans. They could then use the new credit card to make purchases, effectively ruining the victim’s credit.
Healthcare Breaches and Phishing Emails
Many times, victims of healthcare breaches are not the intended target. Hackers can use the information gained from a healthcare data breach to craft convincing phishing emails. Phishing emails impersonate trusted individuals by using information or language that convinces a target that the email is legitimate. Phishing emails often contain a malicious link that users are prompted to click. Once a link is clicked, hackers can gain access to the victim’s email account.
With access to an individual’s email account, hackers can send more phishing emails. Through this process, hackers are often able to access an organization’s entire network. Network access can cause healthcare breaches to escalate when not addressed quickly.
Implementing Cybersecurity Practices
Healthcare organizations are advised to implement cybersecurity practices to stave off healthcare breaches. Organizations must have policies and procedures in place dictating how PHI is handled. All employees are required to be trained on company policies as well as HIPAA best practices. Additionally, it is recommended, although not mandated, that healthcare organizations encrypt their data to mitigate the risk of a healthcare breach.