‘Until we have better protective measures in place, there’s always risk’
FRAMINGHAM, Mass. – mHealth apps, devices and platforms have significant privacy and cybersecurity failings, and are vulnerable to hacking events, recent studies show.
Steven Bearak, CEO of IdentityForce, which provides medical identity, privacy and credit security solutions, shared why home health technology is attractive to hackers and what consumers can do to protect their health data.
HHTN: Do you think home health devices and platforms are secure?
BEARAK:Medical devices are no different than any other device that connects to the Internet—once you’re connecting with other devices and networks, your information is vulnerable and can be breached. These devices can be compromised and personal information can be exposed.
HHRN: Why do you think hackers are targeting medical information?
BEARAK:It’s not surprising that hackers are going after medical information so easily. On the dark web, it’s been reported that the most expensive personally identifiable information being bought and sold are complete medical records, which can be purchased on the black market for $1,000.
HHTN: Do you think home health devices can ever be secure?
BEARAK:Medical devices have wireless connectivity and they essentially enable health professionals to adjust and fine tune treatment and medication of these devices without invasive procedures. That’s a strong benefit, but as with any technological conveniences, there can also be downfalls. Better security protocols must be initiated by the manufacturers before these devices go out to market. Too much reliance on third-party protection versus starting during the early planning stages has created a lot of the security hacks we see today. Enacting better security protocols is a marathon, not a sprint, and unfortunately, until we have better protective measures in place, there’s always risk.
HHTN: What can consumers do to keep their information safe?
BEARAK:Medical identities are 20 to 50 times more valuable to criminals than financial identities. That may explain why an average of 1.5 health care data breaches occur each week. What makes this even more unpredictable is that identity theft is a long-term crime, and fraudulent activity may not show up for six to 12 months or even longer. That’s why it is essential to continually monitor your personal identity.
Consumers should also:
- Track your medical records and check for mistakes. Remember, you have the right to see your records and have errors corrected. Wrong information not only points toward evidence of identity theft but also has implications for your treatment.
- Read your medical and insurance statements regularly and completely. They can show warning signs of identity theft.
- Review your insurance benefits. Ask your insurer for a listing of benefits paid out under your policy at least once a year.
- Monitor where and when you provide your personal medical information (in person, over the phone, or online). Always decide if the information is absolutely necessary before providing it.
- Keep paper and electronic copies of your medical records and health insurance records in a safe place, and, when no longer needed, shred documents containing personal information.
- Look for medical organizations that follow the “Red Flags Rule,” which requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations and take steps to prevent the crime and mitigate its damage.