Health records offer tempting target for cybercriminals

Health records offer tempting target for cybercriminals
Even before the advent of HIPAA regulations, protecting medical records has been a crucial aspect of how the health care industry handles the wealth of information at its disposal. But with increased computerization of the field and the HIPAA fines that failure to protect records can bring, guarding against cyber thieves is more important than ever.

That’s because, though it was once assumed that such medical records had limited allure to non-professionals, now we know that such records can be valuable for online crime, with identity thieves using the data within – especially Social Security numbers – to gain access to bank accounts, credit cards and other valuable – and vulnerable – resources.

In an article on InsideCounsel.com, Michael L. Whitener of VLP Law Group outlined some of the reasons why health records are so valuable to cyber criminals. First, he said, medical records contain an abundance of personal information, including a person’s name, social security number, birth date, policy number, diagnosis codes and more.

“If a cyber-criminal gets his hands on that information,” Whitener said, “it can be exploited in several ways, including submitting false medical claims, acquiring controlled and prescription substances, creating fake identities, extorting patients, accessing government benefits, and obtaining medical devices.”

He adds that the information in medical records is usually that can’t be changed, unlike credit card or bank information – so the cyber-criminal can exploit it for a long time. And, third, there can be a long lag time between the health record theft and the discovery of the theft, if  the theft is discovered at all.

“When your credit card is stolen or your bank credentials are compromised, notifications to the victims are often triggered, and there are consumer protections provided under the Fair Credit Billing Act,” Whitener said. “No such standard triggers or protections are available for health record thefts.”

For those reasons, taking every possible step to ensure the security of health information is crucial for organizations that deal with such data. One such step is outsourcing the processing of that information – whether that means data capture, claims payment or adjudication, bill payment or bill processing, prescription processing or mailroom services – to a reliable provider. An established expert in business process automation that is in compliance not only with HIPAA regulations but also with other industry and federal standards can provide an additional, invaluable layer of security to an organization’s data, meaning that however tempting that information will be to cyber criminals, they’ll have no way of getting to it.

Comments are closed.