Q: Are medical practices now more vulnerable to data breaches and hacks than standard commercial businesses?
A: Small to medium-sized health care practices are not used to being the target of such attacks. Until now, most data breaches have been against large commercial companies and were done in order to gain access to credit card information. Commercial companies have become more responsive about combating the digital threats to their business data. Medical practices do not have the experience in defending against such attacks because they haven’t had to do so. They are now becoming the new low-hanging fruit for the hacker industry.
Q: Why are medical practices now more vulnerable?
A: Medical data contains more valuable information than credit card data. Medical data includes birthdates, social security numbers, financial information, health history and email addresses – more information than your usual retail account. This information can be used to make “phishing” attacks believable by employees who could unknowingly deliver access to their company’s networks. Health data also commands a higher price than credit card accounts in the marketplace for stolen information. A medical record might fetch $50, while credit card information may be only be worth $5 per account.
Q: What should medical practices do to protect themselves?
A: Health care providers and medical entities should immediately formulate a plan to assess their current IT infrastructure and office procedures for security vulnerabilities. This plan should include a formal security audit by a qualified IT security vendor. The subsequent remediation plan should include IT infrastructure hardening and the consideration of data breach insurance. These security assessments are much more affordable than you would think. I95
Kenneally Technology Services