When you go to the doctor’s office, you assume that everything you share stays between you and your doctor. In reality, hospital systems and medical offices are among the most common targets of cybersecurity attacks aimed at gathering personal information. For people affected, the impacts of medical data breaches can run much deeper than run-of-the-mill identity theft.

Even if you guard against someone pulling your personal information out of the trash or against falling for a phishing scam, your medical data can still be at risk. Here, HIPPAmart Online Compliance further explains the risks.

Medical Data Breaches By the Numbers

  • “More than 41.4 million patient records were breached by 572 healthcare data breaches in 2019, as hacking surged. And it’s likely those estimates are vastly underestimated given two significant security incidents have yet to be reported,” Health IT Security reports.
  • According to Health Tech Magazine, “In its most recent study, HIMSS found that 74 percent of healthcare information security respondents reported experiencing a significant security incident in the previous 12 months — that number jumps to 82 percent when it comes to security incidents in hospitals specifically.”
  • Why are hackers after your medical data? Health data hacker expert James Scott explains in a Hacked article, “once the hackers steal the files, the information will ‘go dark’ for a while before returning in a variety of ways. The hackers aim to build packages called ‘fullz’ and ‘identity kits.’ Scott says these packages will usually include ‘all the intricacies of a person’s health history, preferred pharmacy, literally everything.’ From there, hackers will take their information onto the deep web to secure counterfeit passports, ID cards, and social security cards. Once the full kit is completed, they can sell for up to $2,000 a pop, says Scott.”

How Your Personal Health Information Gets Exposed

  • “Healthcare providers are susceptible to cyberattacks as many continue to use outdated and unsupported software and operating systems. Many cyberattacks are opportunistic and occur because healthcare providers have failed to address easily exploitable holes in their security defenses. However, it is now increasingly common for healthcare organizations to be targeted based on the amount of data they store,” according to HIPAA Journal.
  • Calysta EMR explains that normal safeguards are generally enough to protect your records, but human error must also be factored into vulnerability rates. Plus, patients can inadvertently make their records more easily accessible. “As patients have their natural HIPAA rights to request access to their medical records and store it on their home computers, most patients don’t realize that they are putting their medical records at risk by storing it on less secure home systems, systems which generally don’t have the same level of protection that clinics and hospitals have.”
  • Many people choose to wear a smartwatch as a means to track health progress, but there are risks to consider. “The rise in use of wearables unfortunately makes for a growing challenge for security executives and teams. Because these devices carry massive amounts of user data—including personal information about the users—they might be targets for security breaches and data exfiltration.”

How to Protect Yourself from Medical Identity Theft

  • According to CNBC: “Just as you should regularly order a credit report to look for errors, your medical records can also reveal red flags and should be reviewed periodically … If you notice anything suspicious in your records, call your health insurer as soon as possible and ask to speak with the fraud department. You might want to be issued a new health insurance account and card. Ask about how you can go about fixing any billing or medical record issues. And be sure to file an identity theft report with the Federal Trade Commission.”
  • If you request your personal records or if you are sending sensitive information to medical practitioners, always convert the information to PDFs and encrypt them. There are plenty of free online tools to help you manage your PDFs. You can try this to create a PDF online. Then, encrypt it by selecting “Protect” from the “Tools” menu. Then select “Encrypt” and “Encrypt with Password.”

How Covered Entities Can Prevent Data Breaches

  • “Data are highly valuable to the good guys and the bad guys alike — even if the ‘bad’ guys are well-meaning but uninformed employees,” Inside Digital Health explains. “Unless there are proper policies and procedures in place, employees and insider threats may do things to put PHI in jeopardy. Under HIPAA 164.316, organizations are required to implement ‘reasonable and appropriate policies, procedures and standards.’ Furthermore, organizations are required to document those policies and procedures to prove they’ve set boundaries and made expectations and standards transparent.”
  • According to ATT Cybersecurity, “Although there is no standard or implementation specification that requires a covered entity to ‘certify’ compliance, the evaluation standard § 164.308(a)(8) requires covered entities to perform ongoing technical and non-technical evaluations that establish the extent to which their security policies and procedures meet the security requirements.”

Use Caution When Sharing Medical Records

This information shouldn’t stop you from going to the doctor. It should, however, make you think twice about who you entrust with your medical data. By ensuring your medical providers value data privacy and taking steps to protect yourself against medical data theft, you can reduce the odds that this terrible form of identity theft happens to you.

HIPPAmart Online Compliance is software designed to protect your medical records. Ask your doctor which electronic health records software they use to ensure you and your information are safe.