Why Many Healthcare Workers Cause Medical ID Theft



Medical identity theft is skyrocketing. It’s the fast-growing trend in ID thievery.

Health-care providers apparently can’t trust their employees to use best practices in observing The Health Insurance Portability and Accountability Act (HIPAA), which has been in effect since 1996.

You hear the acronym a lot in healthcare.

However, at issue is whether health-care workers keep their mobile devices secure, according to the 2013 HIMSS Security Survey.

ID-10087486Security breaches often occur at nurses’ stations and behind reception desks because of snooping my employees with financial and medical identity theft not far behind.

Hospitals are securing their devices. But most employee devices aren’t secure, and 88 percent of respondents in a Benchmark Study on Patient Privacy and Data Security say employees are allowed to use their private mobile devices to access patient records.

The growing trend of allowing employees to BYOD — bring their own devices — isn’t healthy. It’s bad for the medical profession as well as for other sectors.

More than half — 53 percent — of surveyed global businesses admit they’re not ready to defend against attacks on their employees’ personal devices.

Nearly all say their devices might have been attacked, according to a 2014 study (see Do BYOD Headaches Outweigh Benefits? Yes.)

Employees ostensibly assume their iPhone and Android devices are secure, but they’re not. (See: Surprise — Cyber Criminals Chew up Apple Products, too and Who Profits from Android’s Security Issues? Not Users.)

The problem of medical identity theft has been growing for years.

Data shows it adversely impacted 1.42 million Americans in 2010. That’s according to a 2011 study by PricewaterhouseCoopers (PwC) that shows medical ID theft aggregately cost more than $28 billion.

“The root cause of the fraudulent use of someone else’s medical identification is that protected medical information is widely dispersed in multiple information systems where it all too often is inadequately secured,” says nationally known security expert, Stan Stahl, Ph.D.

He’s president of Citadel Information Group, Inc. in Los Angeles, and he authoritatively writes about security issues on his blog.

MedPage Today sheds a bright light on the issue in this article: Medical Identity Theft a Growing Problem.

It reported the three most-common identity breaches:

1. Employees who act unprofessionally – improper use of patients’ data in doctors’ offices, hospitals, insurance company and life sciences companies. They’ve even been caught posting comments about patients on Facebook.

2. Almost 40 percent of hospitals and physicians report they have caught patients using another person’s identity when they seek treatment.

3. Twenty-five percent of insurance companies acknowledge the improper transfer of information in patients’ health files. Unauthorized persons viewed such files.

“Every organization that collects or stores personally identifiable medical information – hospitals, doctors, clinics, pharmacies, billing offices, insurance companies, even employers – has a legal and ethical obligation to properly secure that information,” asserts Dr.Stahl.

In public reports, theft was responsible for 66 percent of medical ID breaches in the recent years. The thefts include notebook computers, smartphones, using another person’s personal information for fraudulent claims, and people using others’ names.

Security breaches often occur at nurses’ stations and behind reception desks because of snooping my employees with financial and medical identity theft not far behind.

More shocking news

Authors of the PwC study indicated most healthcare organizations aren’t equipped to prevent medical ID theft – despite the growing use of information technology in the medical profession.

“Most breaches are not the result of [information technology] IT hackers, but rather reflect the increase in the risks of the knowledgeable insider related to identity theft and simple human error – loss of a computer or device, lack of knowledge or unintended unauthorized disclosure,” said James Koenig, director of the Health Information Privacy and Security Practice at PwC in a press statement.

More than 50 percent of the study’s respondents who work for healthcare organizations said they have known of at least one privacy breach since 2009.

“Doctors need to take measures to assure their patients are who they say they are,” recommends Dr. Stahl. “That can include checking referrals.”

What can patients do?

“Patients need to treat their medical information with the same care that they treat their financial information, including periodically checking with their insurance company to identify fraudulent activity,” advises Dr. Stahl.

The PwC study indicated that most healthcare organizations admit they haven’t even begun to adequately deal with privacy and security issues in this digital-information age.

Obviously, as a business-performance consultant, here’s my sense:

1. The medical profession should emphasize and implement stronger security precautions.

2. All medical employees should undergo privacy-confidentiality sensitivity training.

After all, shouldn’t healthy precautions be part of medical care?

From the Coach’s Corner, you might consider these security-resource links:

How to Enhance Security in Your Company’s Wireless Network — Do you take it for granted that your wireless network is secure? Don’t make that assumption. Wireless routers present dangers. Your router is vulnerable to hackers and, hence, security issues. If you’re really serious about security, WIFI might not be for you. A wired network might be more desirable.

BYOD, Mobile-Banking Warnings about Security Prove Prophetic — Not to be gauche, but in 2009 you saw the Internet security warning here first – mobile banking is so risky an IT security guru said don’t do it. The warning was prophetic.

Security Precautions to Take Following Citibank’s Second Reported Online Breach — Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps. The bank’s May 2011 security breach wasn’t reported until weeks later.

11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud — The most vulnerable travelers are businesspeople. That’s because they have to use Internet and e-mail. They’re in danger expressly from vulnerabilities, such as from wirelessly accessible passports to using WIFI.

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.”

-Kahlil Gibran


 __________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.





Photo courtesy by imagerymajestic at www.freedigitalphotos.net

How China-Google Controversy Affects Business, Government Security



Updated March 13, 2015


There were more fireworks between China and Google on the 25th anniversary of the 1989 Tiananmen Square Massacre last year. It was from Chinese state media aimed at Google, Apple, Yahoo, Microsoft, Cisco Systems and Facebook.

The Chinese journalists wanted the government to “to punish severely the pawns” of the U.S. government. The tech firms are accused of spying on China.

It wasn’t entirely clear why the attacks were launched by a People’s Daily microblog and the English-language, China Daily. But my sense it was a smokescreen by China to dilute the renewed negative PR damage from the Tiananmen Square Massacre.

Ostensibly, it was related to the revelations by former U.S. National Security Agency (NSA) contractor Edward Snowden. You might recall his publicizing NSA’s widespread spying program.

The security issue between China and Google had quieted down after it appeared to be taking on new ramifications – threatening proprietary information for business and government agencies, if they do business with the giant search engine.

When Google was hacked in 2009 by cybercriminals in China, they stole a computer program that managed access to Google’s programs, according to a New York Times article.

In the past, Google has denied hackers were able to access personal information from Gmail accounts, but the search engine did not respond to The New York Times report.

Cloud services

“As the story makes clear, businesses considering cloud services like those offered by Google, Amazon and others must ‘look before they leap’,” warns Internet security expert Stan Stahl, Ph.D., Citadel Information Group, Inc. (www.citadel-information.com).

“While it’s probably obvious to look at the security provided by the cloud provider, less obvious is that the business needs to also look at that part of security that will still be its responsibility, the part of security that the cloud service provider isn’t providing,” says Dr. Stahl, as the go-to security authority.

“Security can never be a matter of looking at ‘this’ or ‘that.’ Security must always be about looking at ‘this’ and ‘that’,” he adds.

Two key questions

As a management consultant, I wonder about two other questions:

  1. What about the privacy of Google’s services, and business and government agencies?
  2. Is the threat to Google’s business model more severe than first thought?

Google’s services for the private and public sectors are not limited to the following but they include:

  •  AdSense is a platform for publishers to generate income by displaying a bevy of click-through advertisements, but Google requires sensitive information in order for publishers to receive payment. Google’s AdSense automatically inserts display and text ads, which are frequently changed.
  • Google Analytics is a service that helps Web site owners to understand how they’re faring with visitors , such as how they reach your Web site and what they visit.
  • AdWords is a sponsored links section. It’s the largest service of its kind and Google has the No. 1 market share.
  • Merchant Center uploads product listings in for use in a variety of ways. They include AdWords ads, Google Search, Google Product Search, and Google Commerce Search.
  • Checkout helps businesses increase sales by selling online.
  • Website Optimizer, with access to sites, tests content in order for publishers to optimize the conversion rates of their visitors.

(Disclosure: This business portal uses Google’s AdSense.)

Google’s “Gaia”

There are other Google services, but you get the idea.

The news article provided more alleged details including Google’s “Gaia.” That was Google’s stolen password system. Gaia is the Greek mythological goddess of earth. Gaia managed the entry to its services for the private and public sectors.

For more of the report’s details, see: Cyberattack on Google Said to Hit Password System

If The New York Times article was accurate, and my sense is that it was, businesses and public agencies doing business with Google might want to consider a security-needs assessment by a qualified expert.

The U.S. hasn’t been the only country to have complained about Chinese hackers.

British defense firm BAE Systems was hit by sophisticated Chinese online attacks more than 300+ times annually, according to a published report: British defence giant blames Chinese hackers for wave of cyber attacks.

Considering China’s size and record of hacking, this has also been a bigger threat to Google’s business model than we first believed. Its share of the Chinese search market plummeted to less than three percent after being forced to leave some years ago.

And ramifications remain for other businesses and governments.

From the Coach’s Corner, here are links to Internet security tips:

Security Precautions to Take Following Citibank’s Second Reported Online Breach – Citibank’s admission that private information of 360,083 North American Citigroup credit card accounts was stolen by hackers in 2011, which affected 210,000 customers, serves as a warning for all businesses and consumers to take precautionary steps.

Has Security Bloom Fallen off the Rose for Macs? – For years in terms of security, Windows has been considered inferior to Macs. But no longer thanks to malware security epidemics.

Tips For Internet Security to Prepare you for New Cyber Attacks – Do you need more evidence to be diligent in using best practices for security on the Internet? Internet attacks have been impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities.

“Diligence is the mother of good luck.”
-Benjamin Franklin 

__________

Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.

Seattle business consultant Terry Corbell provides high-performance management services and strategies.