Are Healthcare Companies Maintaining their Security Solution?

By Tom Skeen

That’s a question that many of us are asking ourselves these days. It might not seem like that significant a question at first glance, but when you really think about it, do you want some random outsider knowing what your most intimate medical issues are or what prescription medications you’re taking?

Just think about it. You go to your physician for your annual physical and they run a wide-ranging battery of tests on your health. This information is now located on how many different servers, on how many different email accounts and with how many different companies? With so many cyber threats going on these days, I bet you would like to know, what's their security solution?

Not only does your doctor have a file on you, the lab that runs the tests does as well. Then, don't forget, a third-party billing company communicates with your insurance company to determine payment. So now, at minimum, this information is likely accessible by thousands of individuals with a “right to know” just due to the process.

Healthcare Regulation and Security Solutions

Each organization in the U.S. is bound by HIPAA regulations and must be diligent in protecting your personal health data, but are they? Or are too many of them not doing the right thing?

For starters, in 2014, nearly 4% or over 42 million of the data records breached were from within the healthcare sector. As if that wasn’t bad enough, in 2015 that increased to over 134 million records breached or over 21% of all the data records compromised last year [1].

As you can clearly see, this is an increasing trend in the healthcare industry. So what is the problem? In my opinion, it’s a combination of things.

Let's take a look at some of the most problematic:

  1. Many companies are still using outdated, unauthorized or insecure methods of storing, sending and receiving healthcare information instead of using secure data exchange, digital data vaults, layers of security and secure file sharing applications
  2. Employees aren’t being properly or fully trained in ways to communicate/exchange confidential healthcare data
  3. Organizations are not performing random assessments or spot audits often enough on the expectations that they have outlined
  4. Healthcare organizations do not have the proper controls in place to prevent our data from being compromised by a criminal or rogue employee
  5. Proper monitoring is not in place to alert when a potential data breach has occurred 

Healthcare information, unlike financial data, has a very long “shelf life” for use. For example: credit cards expire, but your health records do not. With that being said, healthcare fraud continues to be on the increase year on year. 

Who's in Charge of These Threats?

Many experts in the healthcare field believe that the typical profile for these criminals leans toward being state sponsored. They are usually well-organized cartels with differing motives. Some of these cartels could be using this data to obtain addictive prescription medication for buying and selling on the black market, or to determine what ailments people have, what medications they take, or what geographical locations these patients are from. With this information, one could only imagine what could be done with it - ranging from chemical warfare to potentially limiting the ability for certain drugs to be dispersed to a subset of a population in an effort to gain leverage and cause chaos or terror.

Healthcare Companies Must Maintain their Security Solution

At the heart of this discussion, it really all comes down to the fact that healthcare firms, whether this is your doctor or insurance company, must keep our most personal information secure, safe and out of the hands of criminals. If you still aren’t convinced that your health data is personal, just think about the last time you were prescribed a medication or had a test run and imagine if your neighbor, a family member or your employer ended up with this information. Would it be devastating or embarrassing? For some it could be. Lobby for change and hold those you do business with accountable. It’s completely appropriate to ask your doctor how he/she secures this information, or to choose a different provider that will openly discuss this topic with you if yours will not.

Here are more statistics on which industry has been most vulnerable to data breaches in the past. 

[1], [2] Data was compiled using
