Are Your Healthcare Files at Risk of Being Hacked?

Hacks targeting our healthcare infrastructure are nothing new or original, but their occurrences continue to be on the rise. In the most recent example, Florida officials revealed that a large-scale Medicaid hack could have exposed 30,000 patients sensitive medical records a few months back. With a growing threat to our privacy, why could hackers be targeting your medical information and what can you do to prevent it?

According to the FBI, healthcare organizations have been made aware of increasing data hostage situations backed by phishing emails and malware. A specific type of malware known as ‘ransomware’ is especially widespread, making up for 72% of all healthcare attacks.

Read More: 17MM Phishing Scams Blocked in 2017: DFNDR Security Revolutionizes Protection

What is Ransomware?
Ransomware focuses on capturing sensitive information and then holding it until payment is received from the targeted organization. If organizations refuse to pay, hackers will generally sell off the data or destroy it altogether.

According to Verizon’s 2017 Data Breach Investigations Report, holding your healthcare data ransom can be particularly lucrative:

“For the attacker, holding files for ransom is fast, low risk, and easily monetize less – especially with Bitcoin to collect anonymous payments.” – Verizon Report authors.

While some of these attacks are on the healthcare infrastructure itself, others are targeted at individuals through phishing efforts; these can easily be avoided with standard safe practices.

Watch Those Passwords!
Be conscious when creating passwords for online medical services. Design passwords that are random and complex, featuring numbers, letters, and symbols. Avoid dictionary words or phrases that a hacker can easily attempt to decode. If your passwords are getting out of hand, try a secure password management solution such as 1Password or LastPass.

Most importantly don’t give out your password or other sensitive information if asked. Healthcare companies will never send you unsolicited emails asking for passwords, social security information, or other private details. If you receive an email from a healthcare provider, avoiding click the links and instead, visit the official site by typing in the provider’s address manually into your web browser.

Medical Phone Calls Are Legitimate, Yes or No?
The same general information applies if you receive a phone call from someone claiming to be your healthcare provider, and making claims that your rates have increased or are on the financial hook for a medical procedure..Hang up the phone and call the company directly using the number provided on their website or the back of your insurance card.

We can’t do everything to stop hackers hacking from attacking our healthcare data, much of our protection is based upon the health IT infrastructure. However, following the above best practices are an excellent way to keep your sensitive information as it should be – private.