Even before the pandemic, protecting patient data has been a big headache for most healthcare providers. This is mostly because cybersecurity measures employed by most hospitals are not state of the art, which means hackers constantly attempt to break in and steal patient data, many cases ended up in lawsuits, and cost hospitals a lot of money as well as cause patient safety issues down the line. However, during the pandemic, there have been cases of data breaches, and just last month (May), around 2.7 million people were affected by them collectively. Let’s take a look at how some of these happened, how most of these cases lead to medical identity theft, and how the latter can be stopped in real-time with a positive patient identification platform.
Some very recent data breach cases that show protecting patient data is crucial
While ransomware has been a major component of data breaches in recent times, phishing and other tactics are also used and are still some of the primary tools employed by hackers during breaches. Let’s take a look at some of the recent cases that have been filed in May – you can view the full list here.
HPSJ’s email breach affected over 420,000 medical records
Health Plan of San Joaquin suffered a breach that occurred because unauthorized personnel had gained access to the provider’s email system. This occurred back in 2020 and, after inspection, it was discovered that this affected a number of official emails. While password reset was mandated on the accounts, it might have been too late, and it was found that this happened between the end of September and the middle of October last year. Moreover, after a thorough review, it was detected that over 420,000 patients’ information was compromised, and it included names, addresses, SSNs, and more. While it has been said that there has been no misuse of the information yet, HPSJ itself is being cautious since it knows that the breached information might be used in the future for medical identity theft.
Arizona Asthma and Allergy Institute suffered a breach that compromised 50,000 patients
This one is a bit vague since there is no concrete information as to how it happened. However, the Arizona-based institution has stated that PHI (protected health information) of up to 50,000 individuals was “temporarily exposed online” under the name of a different organization back in September 2020.
It took till March 8 2021 to uncover that sensitive information was compromised including – last names, healthcare provider names, health insurance information, and patient identification numbers.
Just like the last case, there is no hard evidence that the compromised information has been misused – yet. However, the institute has notified affected patients to monitor their statements for fraudulent activities arising from medical identity theft.
These were just two examples – around 35 hospitals and healthcare organizations such as Arizona Asthma and Allergy Institute, CareSouth Carolina, New England Dermatology, and more, were hit by similar breaches, affecting around 2.7 million individuals! This clearly shows how many people data breaches can affect and how they are becoming increasingly common and inevitable. But why are hackers focused on data breaches and why do they target healthcare?
Data breaches – why target healthcare and what happens next
Well, hackers typically steal information in order to sell it in the black market, and in the U.S. the most profitable information is medical records. You see, stolen patient information can be sold for up to $1000. Compared to selling stolen credit card information, that’s a lot, which is why more hackers focus on healthcare. Moreover, healthcare providers have a lot of constraints which prevent them from utilizing the best cybersecurity practices, leading to data breaches.
After the breach, when the hackers try to sell off the information on the black market, there are many individuals who are willing to buy it. Since buying the information for $1000 is cheaper than paying for their own healthcare, many fraudsters find this feasible. Afterward, they pose as the patients when they go to the hospitals. Unfortunately, as these fraudsters are armed with the information and since there’s no accurate patient identifier used by the caregivers, most of these bad actors get access and avail healthcare services fraudulently.
Protecting patient data is possible even after a breach
While most healthcare providers focus on protecting patient data before data breaches, others utilize innovative solutions to protect it after breaches too. Most of the fraudsters can be red-flagged and medical identity theft can be prevented if a proper patient identification platform is used, and that’s exactly what RightPatient does.
Whenever fraudsters come in, they need to verify their identity, and RightPatient validates that by comparing the live photo with the saved one. When it detects that the fraudster’s face does not match with the saved one, it red-flags them, preventing medical identity theft in real-time.
RightPatient prevents medical identity theft, reduces denied claims, ensures accurate patient identification, enhances patient safety, and more – would your facility benefit from this solution to protect patient information and prevent millions in losses?