Unsecured Medical Images Are an Underrated Threat to Patients
The impact of Unsecured Medical Images is life-altering is worse than having your financial information stolen and in some cases, even life-threatening. Here’s why it matters your X-rays and other exam images are floating around unprotected on the internet and what you can do to protect your data and health.
The problem is well-documented. Greenbone found 24 million patient exams storing more than 720 million medical images in September, which first unearthed the scale of the problem as reported by ProPublica. Two months later, the number of exposed servers had increased by more than half, to 35 million patient exams, exposing 1.19 billion scans and representing a considerable violation of patient privacy. Yet despite warnings from security researchers who have spent weeks alerting hospitals and doctors’ offices to the problem, many have ignored their warnings and continue to expose their patients’ private health information. — Source
Thieves may compromise your health insurance benefits by using them for personal medical treatment, to file false insurance claims that pay the criminal, or to get equipment or drugs to resell for a profit. When an imposter fraudulently uses your health insurance, your legitimate claims may be denied. The company may flag or cancel your policy because of a suspicious number of claims or another person’s information on your record.
Medical identity theft, unsecured Medical Images can leave you with big bills for procedures, treatment and equipment you never asked for or received. For example, your stolen identity may be used so an imposter can receive medical care. When the hospital sends the bill for out-of-pocket costs not covered by insurance, those charges end up on your record.
Stolen medical identities can also be used to get prescription drugs that can be sold for a profit on the street. People who take opioids, ADHD drugs like Adderall or Ritalin, and benzodiazepines may be particularly enticing targets for criminals looking to turn an easy profit.
Healthcare practitioners need to operate with a heightened sense of cybersecurity and an awareness that they are likely in the sights of criminals. While patient care must always be the priority, there must also be a balance between the speed and security to ensure that patients’ privacy is also safeguarded.
Finally, practitioners can also take a further step by beginning to proactively scan for data leaks. Regularly scanning external sources such as dark web forums can identify data that has already been leaked in a timely manner. Not only will this help to contain the current breach, but it will also enable the IT and security team to work backwards and close the source to prevent further leaks.