Should healthcare be bracing for hacker identity theft plans?

Cybersecurity experts see famous data breaches such as the massive Target incident last year as precursors to what may lie ahead in healthcare. However, to a degree, medical identity theft is already a major concern in healthcare.

While the Target hackers were after credit card information, the bounty in healthcare is a patient’s identity. Healthcare providers are integrating massive amounts of patient data into electronic health records (EHRs) and in doing so often include information such as Social Security numbers that can be used to steal patient identities.

Robert Wah, president of the American Medical Association and chief medical officer at the health technology firm CSC told POLITICO that he sees healthcare as being behind as cyber criminals ramp up their efforts to infiltrate hospitals and steal patient identities. “[Criminals] are seeking health records not because they’re curious about a celebrity’s blood type or medication lists or health problems,” he said. “They’re seeking health records because they can do huge financial, fraudulent damage, more so than they can with a credit card number or Social Security number.”

Identity theft in healthcare is a real concern, as evidenced by a number of breaches over the past year or so. The University of Florida (UF) medical clinic announced in April 2013, for example, that a former employee had breached nearly 15,000 patients’ data as part of an identity theft ring. Another recent example was Community Hospital in Chester and Crozer-Chester Medical Center in Upland, PA being involved in a tax fraud ring that compromised 144 patients’ identities. And Tampa General Hospital spent a lot of time in 2013 resolving a data breach that exposed patient identities in a tax fraud scheme as well.

Wah’s comments and the recent breach activity are echoed by the Ponemon Institute’s fourth annual Patient Privacy Data Security Study. The study indicated that internal threats represent the highest current risk to healthcare organizations because of employee access to patient records. The employees would be able to use that access to work with outsiders on tax fraud schemes.

Organizations such as the American Health Information Management Association (AHIMA) have provided medical identity theft best practices to providers as well.

Article source: http://healthitsecurity.com/2014/07/17/should-healthcare-be-bracing-for-hacker-identity-theft-plans/

Technorati Tags: ,

Tags: ,

Leave a Reply