Far too many people don’t express enough concern over their medical records’ security. “Why would anyone care about my health?” they ask. But it isn’t your health that hackers care about. In the wrong hands, your medical information could damage your public image. Devious perpetrators may alter your records in ways that could cause you great harm. They could make changes indicating that you have certain medical conditions or that you require a harmful medication. Or they may decide to sell your records on the black market.
Common Uses for Hacked Medical Records
Medical records are among the most sought after type of hacked data.
Medical records often contain date of birth and social security number. These can then be used to make fraudulent transactions or apply for credit cards – especially if the victim is very young and thus has perfect credit.
If you are on certain medications, the recipient of your data can log into your patient record and may be able to change the delivery address of your medications or other medical supplies and devices.
Medical records also usually include a date of death for the deceased. This allows a hacker to assume the victim’s identity far more easily. With a stolen identity that is not likely to be discovered quickly (the deceased are not going to discover that they have been compromised and thus give the hacker a longer run of deceit) a wider and deeper range of crimes may be committed such as property transfer or tax fraud.
But hackers don’t usually use the information themselves. They sell it. Personal data records are worth up to twice as much when they include medical information or a medical ID.
What can you do?
There are many things you can do to help protect your medical records.
First of all, ask your doctor what medical records system they are using and do a little online research to see if the industry believes it to be secure. Many EHRs are decades old at this point and suffer from being developed at a time when cyber-security was not such a big concern.
You should always use two-factor identification whenever accessing your records and ask if your doctor does the same. Remember your doctor has access to all of your information as well so if his or her password leaks out, you are at risk.
Never discuss any private data with anyone. It is amazing how often an innocuous comment can actually be a security violation. For example, a medical records system is required by law to separate your medical data from your personal data so if the medical side were breached, it would be very difficult to determine who the patient was. Now that digital health is upon us and patients have access to their own medical records, they may inadvertently usurp the security measures put in place my their clinician. (more on this in another post.)
Above all use common sense and treat your medical information as though your life depended on it.