By Anne Genge, CEO, and co-founder of Alexio Corporation
The story of Bob
‘What do I care if someone reads my dental chart?” This is what Bob said before I broke it down for him. Bob didn’t realize that when he filled out all the forms at his dentist, it included all the perfect details to re-create his identity. These details include not just regular contact details, but also his date of birth, his employer, insurance information, credit card details, email address, emergency contacts info, and then the scariest thing of all: his medication and previous health history.
Bob started to squirm as I asked him if it would be ok if I printed a few copies and posted them around the neighborhood, some at work, and at his kid’s school. Most people don’t think about the fact that every single healthcare provider collects the most intimate details of our lives, and stores them on a computer. This computer is connected to the internet, and when hackers steal this information, they can do a lot with it. First, they leverage it themselves; next, they post it for sale on the dark web, so any other enterprising bad guys out there can attack you.
I gave Bob some examples of how his personal health data can be used:
- Compete Identity theft
- Mortgage Fraud
- Insurance Fraud
- Bank/Financial Fraud
- Cyber-attack on him and/or his??? in the future
- Public exposure of embarrassing details of his life
How much are you worth to hackers? Actually, you’d be surprised.
Some of the information you protect the most is worth the least on the dark web – for instance: a social security number is only worth 10 cents. A credit card number is only worth 25 cents.
What they DO want to get their hands on, however, is your electronic health record, which is a hacker’s jackpot: it’s worth hundreds or even thousands of dollars.
Where Does Your Health Data Reside?
Think about all the places you have provided your health data; do you know for sure that they’re secure? Most people will automatically think of their doctor, their dentist, their physiotherapist. However, keep in mind that you share your personal health information far more widely than that:
- You disclosed your private health info to your life insurance company in order to get coverage and may have even submitted to tests
- Your employer often has r-[0ecords of time off, whether for physical or mental health reasons
- Any specialist you’ve ever seen for any reason
- For your child: their school also has some limited health information
- Your local pharmacy (where you fulfill your prescriptions)
- Your health insurance company
- If you’ve ever called them, your employee assistance program will also retain some information
- The government
What Can Be Done?
Start by asking questions. We obviously need these services, so abstention is not necessarily an option.
What we need is to make sure that these different agencies and businesses ensure the privacy of our data and build that into their business planning.
Here are a few questions to ask them:
- Do they store your data on a secure, monitored server?
- Who has access to your data? Is that monitored?
- Do they encrypt every email with your health or financial data in it?
- Have they ever had a data breach?
- How recently has the staff completed a cyber-security training program?
- How often do they do updates to their security software?
- Are their computers monitored for breaches?
These questions can tell you everything you need to know about the clinic or agency you’re about to engage with.
Why should you care?
Health care information is as personal as it gets.
Our medical records contain the most sensitive and embarrassing details about us. Anything we’ve ever told our doctor, our medication lists, therapy notes, addictions, and mental health: these are just a few examples.
These details are not like a credit card number that can easily be changed. Steal our credit card information and what happens? Our bank has algorithms that detect unusual activity; they call us, suspend our card until they can get us another, and reverse the charges by the data thief. Doesn’t sound terrible – inconvenient, at the most.
The Worst-Case Scenarios
Education is key in order to avoid these scenarios, but education on this topic is lacking, or is dependent on employers…where else does one learn about data security?
Many data breaches are a result of accidents: human error/mistakes – on the part of personnel in small practices. While they usually have your best interests at heart, small practices don’t always prioritize data security, which means the personnel there aren’t always up-to-date in their education, and to how to prevent breaches.
What You Can Do
Firstly, pay attention to articles that deal with data breaches – there are several that detail who’s been hit, how many records have been compromised and to what level. Just like a recall on your car, this is information you should be monitoring in order to determine whether you need to be concerned or not.
Secondly, only give away the information you need to; don’t volunteer health info – online or otherwise – unless you know it’s from a trusted provider with (at least a minimum of) basic security practices in place.
Why Health Data is So Important
The reason health data is prized above all others is because of how privileged it is. Most people don’t want it broadcast that they have been treated for HPV, HIV, or any number of other conditions. However, this is exactly what hackers rely on – they know that we want to keep our secrets, and many people have had their privacy held hostage at the hands of unscrupulous characters.
If you’ve been nervous about the security of your healthcare records, join the club. Pass this article along to your healthcare providers to start an important conversation about cyber-security in health practices.
If your dentist, physician or massage therapist doesn’t yet have a cyber-security officer or plan, then it may be time to switch. However, if you love them as much as we love ours, you may want to simply pass them this article.
Alexio is a cyber-security company that’s designed specifically for the healthcare industry and helps them ensure privacy and data security for their patients using automation and machine-learning technologies. Education for the protection of patient health information is also at the forefront and they deliver training to healthcare professionals as well as IT providers supporting them.
Alexio works with numerous other types of small businesses in order to ensure that everyone has access to enterprise-grade cyber-security, because it’s too important to only be available to those with the biggest budgets.
If you’re a small business, a healthcare practice owner, or a customer of any type, we’re here to help. Learn more: getalexio.com I Listen to the podcast: https://youtu.be/vg81sNPl_NU
About the Author
Anne Genge is the CEO and co-founder of Alexio Corporation. Alexio is located inside the IBM Innovation Space, IBM Canada Headquarters in Toronto, Canada. She and her team of certified privacy and security professionals help dentists, physicians, and other healthcare providers to secure their data & systems, and comply with privacy laws & college mandates. She is a firm believer that good training in cyber-security is the key to protecting not just her family and clients, but also government bodies and major corporations. To this end, she has partnered with many organizations, including the Canadian Dental Association, and others to produce training in order to reduce the frequency of human error resulting in a security breach. Learn more about Anne https://getalexio.com/