Skip to main content

5 Reasons Criminals Want Patient Files More than Credit Cards

by K Logan | Apr 16, 2015

It may come as a surprise to many medical providers, clinical staff and even patients to know that there are many criminals who are interested in getting their hands on patient records. In fact, some criminals are much more interested in medical files than financial and credit card files.

iStock_000043979458Large

In 2014, the healthcare industry was overwhelmingly the top sector for security breaches, with 116 breaches in a single year –510% more than the financial sector. In 2014, over 7 million identities were exposed from medical breaches alone. Here are 5 good reasons why criminals are seeking medical records – and why the Office of the Inspector General and Office of Civil Rights are conducting more audits in 2015 than ever before:

Billing Scams. Thanks to the known bureaucratic nature of insurance companies, billing scams are often easy for a criminal mind to pull off. The thief will often pose as a medical practice using the patient information to bill and collect payments from the insurance company for services never rendered.

Prescription Drugs. Some drugs are hot sellers on the black market. Unfortunately, many criminals can easily obtain prescription information through medical records, fill the prescription and sell it on the market, while charging the cost back to the patient’s insurance provider.

Easy Access to a Mother Lode of Information. Because many practices’ network security is not compliant with HIPAA best practices, medical records can be easily accessed from the outside using simple malware. This software is increasingly available to cybercriminals. Medical records offer a perfect opportunity to swipe identities, often containing more information than financial and credit card records. A typical chart contains social security numbers, birthdates, addresses, phone numbers, copies of a driver’s license or government issued photo ID, important medical history, employment history and insurance information. These records are often juicier than what a financial record offers. What’s worse is that they are often much easier to access than the bank’s records.

Up to Date. Ask anyone and they’ll bemoan the amount of paperwork they constantly have to fill out as new patients and every year. Patient records provide a source for some of the most up to date information available. Because of the continuous enrollment in insurance, financial information is also often kept up to date and accessible through medical files. Patients are constantly reminded to update addresses, insurance information and the like to ensure the medical practice can bill for services. The same cannot be said for credit cards. Often, the customer provides information at the outset and that’s the end.

High Retail Value. Because of the quality and quantity of the personally identifiable information available through medical records, these medical records carry ten times the value of credit cards on the black market. For every one medical record sold in the black market, a criminal would need ten credit card files to turn the same profit. Naturally, they’ll go with the path of least resistance to the most amount of cash.

The requirements for technological, administrative and physical security laid out in the Health Information Portability and Accessibility Act (HIPAA) are safeguards for your patients as well as your practice. According to Symantec, small and medium sized businesses (including medical practices) are being more frequently targeted because their size indicates their security might not be up to snuff. These unprotected medical records are easier to obtain, and provide more opportunities for criminal profit than a credit card or bank record would. For that reason, medical practices of all sizes are often the target of sophisticated, coordinated network attacks.

Records that are stored in Electronic Health Record Systems should be protected from any unauthorized attempts to gain access to medical records, and this requires multiple layers of protection. Even paper records are not safe – currently, the primary method for data theft is physical theft. While the incidents of data breaches continue to rise, it is undeniable how much easier it is to walk into a medical practice as a new patient and gain access to medical records, identifiable information and much more.

Shea

Original Post

Add Reply

Post
×
×
×
×
Link copied to your clipboard.
×
×