Posted by Kalyani M. on May 30, 2013
While most industries have flocked to the convenience and cost savings of the cloud, health-care providers and hospitals have been slow to adopt it. Even the fastest-growing medical cloud service represents less than 5 percent of the physician market. But medical providers' wariness about employing cloud services makes sense given HIPAA pressures and the threat of third-party attacks. In a recent survey by CFO Research Services, 75 percent of respondents had experienced financial loss and workflow interruptions as a result of third-party attacks. And the Russian-Ukrainian cyber gang known as Best Inc. recently stole more than a million dollars from a hospital in Washington.
Patients should know that hackers can attack, and have attacked, hospital databases to exploit patient records for extortion. But even with the growing threat of hacking and extortion, medical offices and hospitals can properly secure sensitive patient data through anonymous and private cloud storage. Such precautions are necessary given the prevalence of hospital hacking and even internal data theft.
In 2011, a disgruntled employee at Florida Hospital accessed the private records of over 700,000 patients. Of these records, 12,000 victims of car accidents had their data sold for chiropractor and attorney services, literally adding insult to injury. And in 2012, Crescent Healthcare had computer hardware stolen that contained Personal Identifying Information and Patient Health Information, resulting in a HIPAA Violation notification. Such cases could have been avoided had proper internal IT policies been established and observed while securing patient data through a fully anonymous and encrypted cloud service.
Take the case of the dermatology doctor from Surgeons of Lake County whose office computer system was hacked. The attackers breached the practice’s server, seized patient data, and attempted to extort the practice by demanding a ransom. As electronic health records and electronic medical records become the new standard in patient data storage, such attacks will only become more widespread unless the industry as a whole addresses the issue of securing patient privacy.
According to the Secretary of the Department of Health and Human Services, almost 21 million people have had their electronic medical records or electronic health records stolen or breached in the past three years. The biggest data breach was in the case of TRICARE, a healthcare program for Armed Forces members and their families. The medical subcontractor lost the records of nearly 5 million people, revealing the necessity of private data backup. If TRICARE had employed a private and anonymous cloud service, such private patient records would have been backed up and protected through encryption.
Shockingly, governmental health institutions are just as ignorant of proper security measures as some sectors of private healthcare. In 2013, hackers traced to Eastern Europe seized the private medical records of 780,000 Utah residents from the Utah Department of Health. And even medical insurance companies have been breached, as in the case of major insurance providers like Health Net and Blue Cross Blue Shield, resulting in the potential exploitation of millions of individual patient records.
Patients, consumers, and citizens should demand that their private health records be kept private from hackers and even disgruntled employees looking to make a quick buck off selling medical records. And healthcare providers, insurers, and governmental health organizations should proactively seek security solutions to the glaring gaps that currently leave patient records wide open to hacking and data exchange. Shifting private records to an anonymous cloud service can ensure that sensitive information is kept truly private, protecting both patients and providers.
Privacy for Patients
For true user privacy, only anonymous cloud storage and sharing services like SpiderOak provide all the convenience and savings of the cloud while guarding against hacking and security breaches. SpiderOak is a cloud storage and sharing service that offers data backup and syncing services. It stands out from the crowded cloud market by featuring complete data privacy and user anonymity. Through 256-bit AES encryption and two-factor password authentication, SpiderOak makes sure that medical records, folder names, file names, and passwords cannot be read or even accessed by SpiderOak and its employees.
As for two-factor authentication, this is just like the process used with some banking and financial services that require a PIN or correct answer to a secret question as an extra precautionary measure. For SpiderOak, this means submitting a private code through SMS in addition to the encrypted password to log in. Once successfully logged in, medical providers can store and share data with 100 percent privacy, as SpiderOak has “zero-knowledge” of uploaded data and plaintext encryption keys. This means that the company and its employees don’t even have access to user passwords. Instead, the data encryption key for individual passwords is exclusively stored on each user’s computer. This way, every bit of patient data is kept fully anonymous. SpiderOak’s services are available with Windows, Mac, and Linux desktop environments, along with Android and iOS mobile platforms, granting health care providers flexibility along with security.
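The client-side encryption model described above can be sketched as follows. This is an added example, not SpiderOak's code or its actual scheme: the scrypt key derivation, AES-256-GCM mode, record layout, and all function names are assumptions chosen for illustration. It shows that when both the file name and the contents are encrypted before upload, the stored record holds no plaintext and cannot be opened without the client's password.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key on the client. Only the salt is sent to the provider;
// the password and the derived key never leave the user's machine.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// AES-256-GCM: returns nonce || auth tag || ciphertext as one opaque buffer.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Everything the provider receives: a salt, an encrypted name, encrypted data.
function buildUpload(password, fileName, contents) {
  const salt = crypto.randomBytes(16);
  const key = deriveKey(password, salt);
  return {
    salt: salt.toString('base64'),
    name: seal(key, Buffer.from(fileName, 'utf8')).toString('base64'),
    data: seal(key, Buffer.from(contents, 'utf8')).toString('base64'),
  };
}

// Runs on the client only: re-derive the key and decrypt name and contents.
function readUpload(password, record) {
  const key = deriveKey(password, Buffer.from(record.salt, 'base64'));
  return {
    fileName: unseal(key, Buffer.from(record.name, 'base64')).toString('utf8'),
    contents: unseal(key, Buffer.from(record.data, 'base64')).toString('utf8'),
  };
}

// Constructed sample input, not real patient data.
const record = buildUpload('example passphrase', 'patient-0001.txt', 'constructed sample note');
console.log(record); // the provider's entire view of the file
console.log(readUpload('example passphrase', record));
```

Because the key exists only on the client, a lost password means the data is unrecoverable, which is the operational trade-off of this model.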