Medical data breaches continue to happen at an alarming rate. It’s bad enough that someone has made off with your complete identity thanks to the amount of information a doctor’s office or medical center needs, they’ve also potentially stolen your complete medical history, and there are many different ways that can hurt you.
Sometimes, though, the hacker isn’t after your identity or your medical records. With the increase in ransomware attacks in recent months, patients may just be the innocent bystanders who got caught in the crossfire. As the name implies, ransomware attacks happen when a hacker infiltrates a network, and either grabs all of the data or locks up the network so no one can access it. From there, he informs the company that the only way to get their data back or unlock their network is to pay the ransom, usually in the form of bitcoins.
Unfortunately, ransomware attacks—especially on medical offices—are effective, which could logically be why they’re increasing. With their network locked up, hospitals can’t provide patient care; the resulting injuries or deaths can lead to lawsuits which would cripple the hospital financially. Of course, if the hacker follows through on his threat to upload the medical records to the internet, the hospital faces severe penalties for each and every HIPAA violation, which are often far greater than the hacker’s ransom demand.
Last month, an alarming 30% of the data breaches in the medical community were traced back to ransomware attacks by hackers (as opposed to more traditional hacking, internal data breaches, or accidental data breaches). This led to more than 100,000 patients’ medical records being exposed. June had an even greater number of attacks, with 41% of medical data breaches being the work of hackers, exposing more than 11 million records.
Unfortunately, unlike some other forms of data breach or identity theft, a medical data breach of this kind is hard for an individual patient to prevent. That’s why it’s important to ask serious questions about your information before you hand it over, such as who has access to it, how it will be stored and protected, and what will the the office do to notify you in the event of a data breach. If you’ve been the victim of a medical data breach, it’s important to follow the steps that were listed in your notification letter, and to inform your doctor and pharmacy that someone may be using your medical identity.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.