The work to keep electronic data safe is constant and ever-evolving; as we improve our security practices, hackers search for more creative and subtle ways to counteract them. That’s why, in addition to the technical tools we use to strengthen and protect our systems and our customers’ information, arming you with tools to strengthen and protect yourself is our next line of defense.
Credential theft is a booming business. More than 20 million credentials were stolen in cyber-attacks in the first half of 2019 alone, and healthcare has now been identified as the top target for this kind of crime.
According to a 2019 Internet Security Threat Report by Symantec, cybercriminals are also diversifying their targets and using stealthier methods to commit identity theft and fraud. A common tactic, for instance, is to attach damaging – but very ordinary-looking – Microsoft Office files to an email, which unsuspecting users then open without a second thought. These types of files made up 48% of malicious email attachments last year, so attackers know they work.
The hard truth is that over half of the damaging incidents that happen in our industry are due to human error, and that’s a risk factor that technical controls alone can’t address. You – EMR users, email recipients, smartphone owners – play a huge role in the safety of your own and your patients’ information, so understanding the stakes is the first step in arming yourself.
Why Personal Health Records?
At first glance, PHRs don’t seem the most obvious target for cyber thieves; after all, how much damage can they do with the name of my thyroid medication?
If that were the only thing being stolen, probably not much. But PHRs also contain enough personal information – full name, birthdate, address, SIN, names and contact information of next of kin, doctors’ names, past surgeries and hospital stays, which pharmacies the patient frequents – to lay the foundation for identity theft. Blackmail is also a credible threat, as health information that might be used to compromise a person’s professional standing or public reputation could easily be leveraged by bad actors for nefarious purposes.
In short, there’s almost nothing more personal than a Personal Health Record, so the stakes are high.
Who’s responsible for what?
In the efforts to keep patient data safe, we all have a role to play.
As your EMR provider, our job is to ensure our systems and products have the safeguards they need to securely manage patient information, including your communications and transmitted data. We also take every necessary measure to back up and protect that information in our data centers, to keep you informed about potential or actual threats, and to give you the support you need if something goes wrong.
As your patients’ healthcare provider, your job is to manage security at the local level: ensuring your clinic is physically secure, that information is recorded accurately and that only authorized personnel have access to it, and that you exercise care in your digital communications (sending and receiving) to minimize unwanted access.
In today’s cyber-environment, one of the most effective tools you can use is Multi-Factor Authentication, and the article below discusses what it is and why it’s worth the time. There will always be risks when it comes to keeping data secure, but knowing where your power lies is half the battle.