How much are you worth to hackers? Actually, you’d be surprised.
Some of the information you protect the most is worth the least on the dark web. For instance, a social security number is only worth 10 cents, and a credit card number is only worth 25 cents.
What they DO want to get their hands on, however, is your electronic health record, which is a hacker’s jackpot – worth hundreds, or even thousands of dollars.
Where Does Your Health Data Reside?
Think about all the places where you have provided your health data. Do you know for sure that they’re secure? Most people will automatically think of their doctor, their dentist, their physiotherapist. However, keep in mind that you share your personal health information far more widely than that:
- You disclosed your private health info to your life insurance company in order to get coverage, and may have even submitted to tests
- Your employer often has records of time off, whether for physical or mental health reasons
- Any specialist you’ve ever seen for any reason
- For your child: their school also has some limited health information
- Your local pharmacy (where you fill your prescriptions)
- Your health insurance company
- If you’ve ever called them, your employee assistance program will also retain some information
- The government
What Can Be Done?
Start by asking questions. We obviously need these services, so abstention is not necessarily an option.
What we need is to make sure that these different agencies and businesses ensure the privacy of our data, and build that into their business planning.
Here are a few questions to ask them:
- Who is their in-house privacy officer?
- Have they ever had a data breach?
- How recently has the staff completed a cyber-security training program?
- How often do they do updates to their security software?
- Are their computers monitored for breaches?
These questions can tell you everything you need to know about the clinic or agency you’re about to engage with.
Why should you care?
Health care information is as personal as it gets.
Our medical records contain the most sensitive and embarrassing details about us. Anything we’ve ever told our doctor, our medication lists, therapy notes, addictions, and mental health are just a few examples. These details are not like a credit card number that can easily be changed.
Steal our credit card information and what happens? Our bank has algorithms that detect unusual activity; they call us, suspend our card until they can get us another, and reverse the charges made by the data thief. Doesn’t sound terrible – inconvenient, at the most.
The Worst-Case Scenarios
Education is key to avoiding these scenarios, but education on this topic is lacking or dependent on employers. Where else does one learn about data security?
Many data breaches are a result of accidents – human error / mistakes – on the part of personnel in small practices. While they usually have your best interests at heart, small practices don’t always prioritize data security, which means the personnel there aren’t always up-to-date in their education as to how to prevent breaches.
What You Can Do
Firstly, pay attention to articles that deal with data breaches – there are several that detail who’s been hit, how many records have been compromised and to what level. Just like a recall notice for your car, this information tells you whether you need to be concerned or not.
Secondly, only give away the information you need to; don’t volunteer health info – online or otherwise – unless you know the request is from a trusted provider.
Why Health Data is So Important
Health data is prized above all other data because of how privileged it is. Most people don’t want it broadcast that they have been treated for HPV, HIV, or many other conditions. However, this is exactly what hackers rely on – they know that we want to keep our secrets, and many people have had their privacy held hostage at the hands of unscrupulous characters.
This is precisely the reason the government passed the Personal Information Protection and Electronic Documents Act (PIPEDA) back in 2000. It became obvious over 18 years ago that this kind of information was going to put Canadians at risk.
If your dentist, physician or massage therapist doesn’t yet have a cyber security officer or plan, then it may be time to switch. However, if you love them as much as we love ours, you may want to simply pass them this article.
Alexio is a cyber security company that’s designed specifically for the healthcare industry, and allows healthcare providers to ensure complete privacy for their clients through education, automated updates and regular scans that detect dark web breaches.
The primary problem of the 21st century will be data privacy, but there is help. Call now to book a consultation and we’ll be happy to help you understand what’s involved in protecting health data in Canada.
Anne Genge is the CEO and co-founder of Alexio Corporation. She and her team of certified privacy and security professionals help dentists, physicians, and other healthcare providers to secure their data & systems, and comply with privacy laws & college mandates. She is a firm believer that good training in cyber-security is the key to protecting not just her family and clients, but also government bodies and major corporations. To this end, she has partnered with many organizations, including the Canadian Dental Association, to produce training in order to reduce the frequency of human error resulting in a security breach.