The digitalization of personal medical information was a move made out of convenience. It unburdened hospitals from the need to keep thousands of records. It also puts useful health insights back into the hands of people who need them the most—patients.
But while protecting a room full of records is straightforward, protecting the “cloud” is anything but. When a hospital experiences a data breach, it poses a direct risk to patients and their privacy.
How secure is patient information during a medical data breach?
In this article, we take a look at that question and explain what hospitals can do to avoid crisis situations.
What is a Data Breach?
A data breach, in its simplest terms, occurs when an unauthorized party gets access to hospital information. That access could be minimal, or it could be catastrophic. In 2021, the terrorist organization known as Wizard Spider was able to gain access to Ireland’s entire digital healthcare framework by way of—and this is real—a simple phishing email.
Ireland was locked out of its own network for weeks. It cost millions of dollars to restore the system. Wizard Spider published hundreds of people’s personal medical records during the ensuing chaos.
Obviously, that’s just about as bad as a breach can get. However, even smaller-scale incidents can have big consequences.
Let’s go back to the central question that this article’s title asks: How secure is patient information in the event of a data breach?
It’s a little like asking, “How safe is my jewelry in the event of a burglary?” The answer will depend on what extra steps you take to protect your valuables. If they are in a carefully guarded safe, the burglar MIGHT not get them. If they are out in the open—say goodbye to grandma’s ring.
Digital records are similarly vulnerable. For one thing, as in the case of a burglary, cybercriminals need only one point of access to get into a network. In the same way that a state-of-the-art lock won’t do much good for your home if you leave the window open, the best firewalls won’t help you—or your patients—if you don’t follow protocol.
HIPAA guidelines are supposed to keep patient records safe by establishing protocols that software providers and healthcare workers are beholden to. Those protocols are meant to prevent patient information from falling into the wrong hands by requiring multiple steps of identity verification, timed account sign-outs, and other rules that make it frustratingly difficult to view your blood lab results on MyChart.
But, in a breach scenario, all it takes is one tiny slip for a cybercriminal to get information they shouldn’t have. And they will do it, too. Private health information is targeted by cyber terrorists, who know quite well how much fear they can create by publishing personal information online. It’s also of interest to straightforward criminals who can make a tidy profit selling records on the dark web.
Bottom line? Patient information is only safe when patients and hospitals coordinate to follow protocol carefully.
Many Points of Vulnerability
Earlier, we mentioned that cybersecurity is a little like protecting your home. You can get cameras, fancy locks, a burglar alarm. But if you leave the window open, none of it matters. Cybersecurity is the same way. Your hospital may invest in firewalls. It might even bring in a fancy consultant to draw up a bespoke risk management plan.
None of that will matter if the hospital workers don’t understand their responsibilities. Hospitals that are truly committed to cybersecurity offer regular training to their employees. Not only does this help them remember important security protocols, but it also reinforces how much value the hospital administration places on keeping information secure.
Patient Responsibility
Patients also have a degree of responsibility when it comes to keeping their private information safe. Even if the hospital takes every possible precaution to avoid a breach, data can still leak through simple patient mistakes.
For example, let’s say you are at a coffee shop when you get an update on MyChart. Is there any reason not to view it immediately?
Checking on your medical updates should be safe in public. But before you do it, there are several important considerations to make. How are you accessing the internet? While logging on through cellular data is typically safe, using Wi-Fi might not be. You don’t know how secure the network you are on is.
Data breaches could also potentially occur on the patient end if the patient experiences a different cybersecurity issue. For example, if you fall victim to a phishing attack on the same computer that you use to view your health records, it is possible for the cybercriminal to gain access to your records.
A Hopeless Situation?
Records can be compromised by the hospital. They can be compromised by the patient. Both parties could do everything right and still experience a breach if the hacker is clever enough. Is the situation hopeless?
Unfortunately, there is no perfect strategy for staying safe online. Awareness is certainly a powerful step in the right direction—particularly when you can use it as a catalyst for action.
If you are a healthcare worker committed to keeping patient records safe, you can vastly reduce the risk of experiencing an issue by emphasizing best practices at work. Even underfunded rural and urban hospitals can do a lot to keep themselves protected just by making smart internet hygiene choices.
Patients who are concerned about cybersecurity make sure to access their records only under ideal security conditions. You can also feel free to ask your healthcare providers what steps they are taking to maintain your privacy. Advocating for yourself in the world of healthcare is a powerful and often necessary step toward achieving the best possible outcomes.
Don’t allow yourself to feel overwhelmed by the risks of healthcare-related breaches. With constant vigilance and appropriate caution, it is very possible to stay safe online.