For most of us, the thought that our hospital could become the target of a major cyberattack never seems to come up as an issue. After all, what could anyone possibly want with medical records? The truth is that the danger is real; health records contain highly sensitive information that can be used for nefarious purposes in the wrong hands.
Medical record hacks are increasingly common. Last year showed us just how severe some of these hacks have become when Anthem lost the information of 78 million customers. The seriousness of such a hack can’t be highlighted enough. Smaller scale institutions are just as vulnerable, if not even more so.
But what is it about hacking a hospital that’s so appealing and why should it concern you? In the next few sections, we’ll discuss what kinds of things stolen medical records can be used for and how it can affect you. Further, we’ll talk about what, if anything, you can do about it.
The Value of Records
For healthcare professionals, there is no doubt irreplaceable value in patient records. Their history of illness, treatment and other personally identifying information is used worldwide to help provide the best available care. But within that highly confidential information is enough to perpetrate several crimes. There are three main categories:
- Identity Theft
- Insurance Fraud
The first and most obvious crime hackers commit with stolen medical records is identity theft. Armed with your medical history, a criminal has a list of places you’ve visited for care, your conditions, home addresses, billing addresses, credit card numbers, etc. All of this information is well beyond what is needed to commit identity theft.
Most institutions only ask for cursory information to verify a customer’s identity. The last four digits of a social security number, name and address; some businesses will even settle for a driver’s license number. A complete list of most relevant personal information makes identity theft practically effortless for the party holding stolen medical records.
Another lucrative use for stolen records is insurance fraud. Stolen medical records are frequently sold online, and the recipients may take part in a scam that involves billing your medical insurance for treatments you never received.
With all relevant insurance information stored in records, a thief could virtually create their own practice of non-existent patients, billing for numerous procedures without ever so much as leaving their house.
Naturally, this can come back to the affected party, as these fake procedures can make their way into real records, and changing the real records is never easy once something is written in.
What goes hand-in-hand with identity theft and insurance fraud is using the stolen information to undergo treatment. Fraudsters can fully impersonate a victim and can often cash in on their insurance to receive free medical treatment.
As stated before, this treatment is not without consequences. Not only do the insurance companies end up paying for fraudulent treatments, but your medical records can be permanently affected. Surgical procedures and allergies might show up on your records for years just because someone used your name to undergo treatment.
The Consequences of a Breach
The consequences of a hospital data breach extend far and wide. They affect virtually everyone involved, from the hospital and the insurance companies to you and your family. A few issues you’ve no doubt already figured out just based on what the thieves have to gain are:
- Costs associated with identity theft
- Permanently altered medical records
- Increased costs for all parties
Costs of Identity Theft
A study done just two years ago by the Bureau of Justice Statistics highlights just how expensive identity theft can be. While some victims only lost out on a few hundred dollars, others ended up short thousands. However, these numbers don’t tell the full story.
Fraudulent charges can lead to missed payments, which can negatively impact your credit score. The cost of repairing your credit following identity theft can add up, particularly if time is considered equally in value. Other problems noted ranged from minor inconveniences such as handling calls from debt collectors to having electricity shut off.
Permanently Altered Medical Records
When you receive any form of healthcare, records are necessarily kept of any procedures or treatment plans prescribed by the doctor. This is a great system for helping to understand a patient’s problems and how best to treat them for future issues, such as avoiding allergens or using different kinds of treatment for immune compromised patients.
But when a hospital’s records get stolen and used to either receive treatment or bill for fake procedures, those records also get recorded. Even after you realize what’s happened, those medical records can’t be easily changed. For some victims, this could be life threatening.
If you’re wondering how, consider procedures such as blood transfusions. Giving a patient the wrong blood type could kill them, and that’s just one of many different scenarios.
Increased Healthcare Costs
Repeated insurance claims, particularly fraudulent ones, increase the cost of healthcare for us all. This is especially true if your health insurance has limits. Visits to the eye doctor and dentist are frequently limited in this way.
Insurance companies also react by raising their prices to account for higher costs while hospitals simultaneously are forced to increase costs because fraudulent procedures often go unpaid once the insurance companies figure out what’s going on. This can also end with a bill entering collections with your name on it.
What You Can Do
Hospital digital security relies mostly on the hospital, but that doesn’t mean you can’t do anything at all. While doctors may be highly educated on aspects of health, they may not be much more knowledgeable than you regarding cybersecurity.
Advocating publicly for safer record keeping is one step worth taking to help stop cyberattacks from happening. Discuss with your doctors what they’re doing to keep your records confidential. Put them to the test—protecting your interests is their #1 job, and it’s actually required by law. Ensure that your providers understand their obligation to notify you if your records have in any way been compromised.
Privately, there are several options you have. Reviewing your insurance statements regularly is a good first step to take. It’s also worthwhile to request copies of your records from time to time. In the event of a major hack and the loss of your records, you’ll have genuine copies that exist before anything does go wrong.
The Future of Health Security
Right now, the world of healthcare is scrambling to keep up with the growing demands put on the field by both government regulations and the growing threat of cybercrime. Newer technologies offer some hope in preventing theft, ranging from better types of intrusion detection to authentication that uses biometrics (thumbprints for instance) or two-factor authentication (requiring a second code to access, such as one sent to a cell phone).
But such is the price of convenience. While storing records on devices that have internet access can put your information at considerably more risk, it makes it considerably easier for doctors to communicate and provide higher quality care.
What do you think about digital records? Are hospitals justified in putting us at risk? Tell us your thoughts in the comments.