True cost of breached patient data
Data breaches highlight why we need secure messaging for doctors
Statistics published by the Journal of Hospital Medicine in July 2017 show that despite the persistent campaign to educate the healthcare community about the problematic nature of pagers and unsecured messaging, both continue to be popular technologies. According to the Journal:
- Almost 80% of clinicians continue to use pagers. It is the most commonly used technology by hospital-based clinicians
- 53% of clinicians use text messaging to exchange patient care information
- 22% exchange text messages that include identifiable patient information
- Relatively few hospitals have fully implemented secure mobile messaging applications
The lack of security these statistics demonstrate is more than just a HIPAA compliance issue – although that is an important issue as well. The lack of secure messaging for doctors and nurses also has a significant impact on patients’ financial and actual physical health.
The goal of this blog is to highlight how the exchange of unsecured patient information through pagers and standard text messaging applications leads to deleterious impacts that hospitals can no longer ignore. The lack of secure messaging for doctors and nurses must stop.
How do unsecure messages go rogue?
When pagers are unsecured or unsecured patient information is exchanged, there is a real risk that the information can be hijacked or stolen. When pagers or unsecured texting devices are used, the exchanged messages are neither encrypted nor password protected. As such, if the content of those messages gets into the wrong hands, it can be used for harmful purposes.
Healthcare is the most vulnerable sector of the US economy when it comes to breaches of patient health information. Healthcare tops the list of the most cyber-attacked industries. In 2015, one in three Americans was a victim of a healthcare data breach. This figure translates into more than 111 million individuals’ data being lost due to hacking or IT incidents in the U.S. alone. The leading cause of breaches was lost and stolen devices such as smartphones.
In the case of smartphones, many hospitals either explicitly or implicitly allow practitioners to bring their own device (BYOD). With the inherent challenges around developing adequate security measures for messaging on personal devices, sensitive data is left exposed. With lost or stolen devices, hospitals and clinics have no way to wipe the device, nor do they have encryption and passwords on messaging applications that would prevent improper use of the information.
Mobile devices remain a key access point for PHI and when lost or stolen, the information on the devices often results in costly data leaks. Demand for BYOD is significant among healthcare professionals with approximately 85 percent of healthcare professionals bringing their own devices to work. Given these statistics, it is likely that smartphone use will continue to grow in healthcare and that possibilities for stolen healthcare information will grow alongside it.
What happens when hospitals don’t provide secure messaging for doctors and administrators
The value of lost or stolen healthcare information is double to triple that of credit card information. Why? A lost or stolen credit card can easily be canceled and replaced with a new one. But, what do you do when someone has stolen your social security number or personal records with your date of birth and other identifiable information that allows a criminal to impersonate you?
On the black market, criminal hackers can demand $20 per health insurance credential and upwards of $50 per medical record. By contrast, someone’s credit card information might sell for only one or two dollars. Victims of medical identity theft end up paying an average of $13,500 to resolve the crime.
Cybercriminals use the stolen healthcare information to impersonate unwitting victims. By impersonating individuals, criminals use the stolen credentials to obtain health services such as surgeries, medications or health aids. Unfortunately, there is no centralized repository for medical records. Thieves can easily hop from one healthcare provider to the next, making fake claims.
Not only do these acts violate the privacy of the patient, they can also lead to the alteration of patient records. As one source wrote:
[I]mpersonation can corrupt a victim’s health record. It can be things like incorrect blood type, incorrect allergy information, not the right kind of medications, conditions, or diseases that you have and the thief doesn’t have or vice versa. [A] corrupted medical history could lead to delays, misdiagnosis, and incorrect treatment.
Medical identity theft corrupts medical records with erroneous information that can lead to incorrect diagnosis and treatment. Therefore, the theft is a quality-of-care issue that directly impacts the core mission of the health care industry.
There are many other ways that unsecure messaging can impact patient health. From delaying necessary patient care to providing redundant testing, the impact of unsecure patient health information cannot be ignored. The need for secure messaging for doctors is greater now than it has been before. Healthcare facilities need to begin taking secure messaging seriously.