Data Breach: The Epidemic You Can’t Afford to Ignore
By: Casey Williams
Data breaches of patient records are one of the greatest liability exposures that medical offices have, yet they remain some of the most willfully ignored, underestimated and misunderstood. I believe the reason for this phenomenon is that practice owners are not aware of how a data breach would affect their bottom line. Because cybersecurity is so incredibly misunderstood by virtually all non-IT professionals, it is easy to dismiss this subject as fear mongering, with the objective to sell you another product that you don’t need. The reality is, ignoring this risk could jeopardize your patients’ financial well-being and force your company into bankruptcy.
Why do cybercriminals want your patients’ data?
Simply put, patient records are highly profitable for hackers. Patient records contain names, addresses, social security numbers, employer information, health-related information and often much more. They provide a “one-stop-shop” for all personally identifiable information that would be necessary to steal a person’s identity. This makes patient records highly valuable and profitable. Few industries offer the same extent of customer data that could be used for identity fraud. As a result, medical offices are systematically targeted.
What happens to the patient data after it is exposed?
Cybercriminals collect and sell patients’ personal and highly sensitive information on “dark web” marketplaces for a significant profit. You cannot access dark web URLs via traditional web browsers such as Internet Explorer or Google Chrome. The dark web is accessed only through anonymous web browsers like “Tor” which intentionally hide users’ IP addresses in order to mask their identity. Dark web marketplaces are like eBay for drugs, weapons, counterfeit currency and stolen personal information. Individuals buy items on the dark web using cryptocurrency. All communication between the buyer and the seller is via encrypted messages. The combination of sophisticated technology and intentional anonymity makes the tracking and prosecution of these crimes extremely difficult. Illegal buyers use this information to assume control over existing bank accounts as well as obtaining fraudulent loans and credit cards.
Additionally, we go deeper and discuss
- “I have an IT company who takes care of this for me.”
- “I have an insurance policy that should cover it.”
- What the law says about Data Breach
- The Financial Consequences of Having Your Data Compromised
- What are the steps I need to take in order to protect my practice?
Full article was published in the Dallas Medical Journal, November 2019 Issue.