When MD Isn’t Enough

Get to Know Scott Augenbaum

Is Your Healthcare Provider Credentialed in Cybersecurity?

Going to the doctor isn’t my idea of fun. Taking my kids to the doctor isn’t exactly the cherry on the sundae, either. We all venture to the whitecoat-laden land of healthcare practitioners; going in with a problem, and leaving with a solution. The last thing on your mind is: Where is all of my information going? While you’re washing your hands post-sneeze in the doctor’s office (or hoping the person next to you does), you’re probably not asking yourself, “Am I really at risk for having my information compromised?” Well, I hate being the bearer of bad news; but the answer is yes. 

We don’t really think of ‘cybersecurity’ and ‘healthcare’ as a blended entity; working together in marital bliss as a cohesive concoction of two crucial, leading industries. 

That’s because they aren’t. But they need to be. 

The healthcare industry experiences more data breaches than any other sector, according to the Ponemon Institute and Verizon Data Breach report. It’s no surprise cybercriminals love targeting this type of information. With a wide-array of IT systems, and medical smart-devices that use such technology- the ways a criminal can gain access is endless. Social security numbers, birthdates, health information, banking data- it’s a goldmine of profitable info. As with most highly-skilled trades, occupations such as doctors, dentists, NPs, PAs, and nurses are not trained about malware and phishing. 

The programs and systems they use may be HIPAA compliant, but are mainly engineered fo maintaining the patient’s medical record. 

Through no fault of their own, cybercriminals have used this to their advantage and know how to get into such databases. I’ve seen this ruin practices, and patients’ lives;  all because the user was not aware it could happen to them.

While the standard of care takes precedence in healthcare, the standard for security must rise to equal importance. 

So many breaches, within so little time. One, if not all of us, has or could have, fallen victim to any of these data breaches in the last few years. What used to be taboo is an everyday occurrence. Most recently headlining the news is the payout made by Premera Blue Cross of $10.4M. This is yet another example of bad security procedures and poor cyber-hygiene. Premera Blue Cross, the largest insurer in the Pacific Northwest, agreed to pay the $10.4 million across 30 states, in which confidential data was hacked for more than ONE year. The lawsuit also claimed they knew about it, but failed to secure the information. Quite the big ut-oh if you ask me.

Additionally, as part of the settlement, Premera agreed to hire a chief information security officer to handle these operations. My question to you is this- What took so long? Maybe I’m dumbfounded because cybersecurity is my bread and butter; but I have to wonder why companies are still carrying on with their daily operations, lacking this vital component for their infrastructure. With bank account information, addresses, and social security numbers on the list of what is on these databases- it goes without saying that this should be a non-negotiable when you look into your practitioner of choice, or likely, research a new one. 

How do you protect yourself then? Here are some questions to jot down, or have in mind when choosing your doctor:

  1. How big or small is your healthcare facility?
  2. Do they have a CISO?
  3. What kind of networks do they use, or systems?
  4. How many staff members are there, and do they know the SOP in cybersecurity?
  5. Do they have special certifications for security?

In no way am I saying to forego your doctor the next time you have the sniffles. And I’m pretty sure that root canal shouldn’t wait because you’re anxious about your information being sold on the dark web. What I will tell you, is that you need to be aware of the world we live in. By understanding it, we can protect our businesses, our families, and our future. 

Leave a Reply

Your email address will not be published. Required fields are marked *