Medical ID fraud booming

Powered by SC Magazine
 

Executives need wake up call.

Theft of sensitive healthcare data is set to explode as information security receives scant attention from C-level executives, experts say.

They said incidents like the Utah Department of Health breach, which saw about 780,000 individuals' medical records recently stolen from a server, illustrate what's to come.

This prediction relies not only on the insecurities rife in health care institutions' technological infrastructures. Electronic medical records (EMRs) will soon be the norm given the financial support provided by the federal government for taking this route via the Health Information Technology for Economic and Clinical Health (HITECH) Act – a component of the American Recovery and Reinvestment Act passed in 2009.

And, what a target EMRs are becoming. According to New York City Health and Hospitals Corporation (HHC) corporate chief technology officer (CTO) Paul Contino, medical identity theft is a burgeoning threat likely to grow to huge proportions.

In fact, it's becoming one of the fastest growing crimes in the country, with sophisticated and organised hacking groups stealing patient identities to illegally obtain medical services, prescription drugs, as well as the bank accounts or credit card dollars associated with them.

Further, because sharing EMRs among business partners and other entities is now the norm, the target only grows larger.

“We're starting to go outside our four walls – and it's starting to become a big cloud and we're trying to put security around something that at times is a little amorphous,” said Contino.

Try they must, though. And critical to this is regular risk assessments.

“We tend to think we're ok, and often-times we're not. Risk assessments need to be there for us to justify to our executives that there is an issue,” he said.

“We shouldn't be hiding around the idea that we think we're secure. There are real risks out there and they need to be put in front of the executives so that we get appropriate funding. The sophistication of hacker attempts is getting to the point where it's incredibly scary.”

Scary, indeed, and those various information and privacy releases we as patients all sign when we visit our doctors' offices won't protect health care entities from fines and civil lawsuits any of us might opt to file in the event of our data being breached.

As federal auditors continue hitting the pavement in earnest this year to enforce data privacy regulations and the protection of our identities, security and privacy problems in the health care space must be given the attention they deserve.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Medical ID fraud booming
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1792

Vote
Do you support the abolition of the Office of the Information Commissioner?