Millions of Medical Records That Include Images Have Been Exposed. Are You a Victim?
There are different types of sensitive information. Perhaps, personal medical records can be said to be the most private information about an individual. When we visit our physicians, we expect our medical records to remain private and secure. However, with the switch from analog to digital, private medical records have also become a piece of information that can be stolen. What’s more, while it is possible to experience a medical data breach, it is also very common to come across servers that do not secure this kind of information in the first place. Thus, we need to take a closer look at this issue to make sure that we do not become the next victims of a medical records data breach.
Dangerous Medical Records Data Breach Instances
When we talk about a data breach, we emphasize the measures users and the data administrators can take to prevent malicious breaches. However, it is also important to note that if hackers are determined, they might steal the data no matter what security measures are employed. Of course, most of the time, relatively outdated security measures and authentication methods only help hackers steal more data.
For example, back in June, it was reported that almost 20 million patients of Quest Diagnostics and LabCorp got their information stolen in an obnoxious data breach. Security experts have noted that this data breach was similar in its nature to the attacks that were arranged against Ticketmaster, British Airways, and other organizations. During such data breaches, hackers tend to exploit a certain system vulnerability to steal sensitive data. The worst is that the vulnerability might remain undetected for a long period of time. Consequently, hackers can take their time stealing important information. Not to mention that services do not notify their customers about the breach until way later.
So, these are the types of data breaches that require a little bit of effort on the hacker’s side. But what if the hackers do not need to try at all? What if your personal data is just lying around, waiting for someone to take it? What if a medical records data breach is nothing more than a pleasant walk in a park?
Medical Images and Data Available Online
As mentioned before, the shift from analog to digital has opened doors for another type of criminal activity. Also, the universal data exodus from the paper form to the cloud service unearthed numerous security issues. It seems that someone in the medical world responsible for the security of private information has simply forgotten to secure it.
A few weeks ago, ProPublica published a report about the security of medical images and health data around the world. ProPublica is a non-profit organization that investigates abuses of power. Although the report was started out as a German investigation, ProPublica also states that millions of Americans are at risk of medical records data breaches because their information is not stored properly.
Now, what do we mean by proper storage? It means that if someone manages your personal information, they should make sure that no one from the outside is able to access it. So, if your medical records are stored on an online server, that server should be protected.
However, ProPublica identified at least 187 servers across the United States that weren’t using the basic security measures to protect the data. And what is a basic security measure? You probably are not going to believe it, but yes – it is a password. It is definitely hard to believe, but while individuals and businesses are actively employing password managers to protect their information from potential hacking attacks, there are still multiple databases out there, available to reach with one single click.
How is it possible to access an unprotected server? Well, sometimes, a web browser is enough. If you know the hyperlink address, you might reach the server, and just navigate through its folders looking for the information you need. Sometimes you may need special software. Sometimes it may require a little bit of coding. However, even if it does require some effort on your (or the hacker’s) part to access that information, security experts unanimously agree that, with such lack of protection, medical record access wouldn’t even count as a hack because you would be walking in through an open door.
Isn’t it illegal to store such sensitive information out in the open? The legal ground is slippery in this case, but some security experts suggest that continuous exposure of sensitive medical records could be a violation of the Health Insurance Portability and Accountability Act (HIPPA) that was passed in 1996. So the companies that store this information should be concerned about the potential data breaches. In fact, some medical providers like MobilexUSA have locked down their systems after ProPublica alerted them about the lack of security of their servers.
Are You a Victim?
Although there’s no actual list you can check, you can always ask your health care provider whether your medical records and imaging scans (like X-ray, ultrasound, and others) are protected by a password. You may also make inquiries into the usual personal data security practices at your doctor’s office.
If you are one of those users whose personal information has been stolen by hackers, your medical service provider should have informed you about it by now. Please follow the recommendations from your service provider to improve your data security.
All in all, there isn’t much you can do to protect your medical records yourself. However, if you make appointments to see your G.P. online, you probably have a password that helps you access your account. Although the chances of hackers targeting your account on a medical service website are pretty low, you can still review your password strength and perhaps change it.
The most efficient way to generate strong passwords is to employ reliable password managers that can evaluate your password strength and then help you create a new one. This way, you will be sure that you have done everything you can to protect your data.