The FBI is warning healthcare providers to increase their protection against cyber attack. The FBI says patient medical records and health insurance data are more valuable to identity thieves but less securely protected than customer information stored by other institutions, according to Reuters.
The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, according to an FBI notice sent to healthcare providers; therefore the possibility of increased cyber intrusions is likely.
HIPAA Regulations Amplify Cyber Risk
For healthcare providers, the risk of a patient data breach is compounded by two things:
- HIPAA regulations requiring healthcare providers to protect patient personal information.
- The use of business associates and other third party contractors that provide vital services to the healthcare industry.
Further complicating the issue is HIPAA’s requirement that doctors, dentists, medical clinics and other healthcare providers not only protect patient information stored or transmitted via computerized or online records; but that they also protect patient data shared via smartphones and text messaging. HIPAA penalties for failing to protect patient data can be expensive and apply equally to healthcare providers and their business associates.
According to the FBI, criminal demand for patients’ personal medical information is greater than it is for retail or financial data because the information can be used in a greater number of ways. In addition to identify theft, criminals use medical records for financial fraud and to impersonate patients for the purpose of obtaining prescription drugs.
Choosing business associates such as medical call answering services that already have robust HIPAA compliance protocols in place is a smart way to reduce your risk of cyber attack.