We all know that identity theft is a growing problem, and many of us have faced it personally. Once a person’s identity is stolen, it is a costly and time-consuming process to get our identity back. Often it takes months to get it all straightened out, and if you have to get professional assistance to do it, you are looking at thousands of dollars. There are services out there that can monitor your credit and prevent ID theft before it happens, but they are also costly.
Related post: Background Check for Small Businesses
One of the top three industries being hacked, having your information stolen and sold, is the healthcare industry. Healthcare is an easy target. Its security systems tend to be less mature than those of the finance and tech industries. The healthcare industry only spends, on average, 2-3% of their annual budget on information security. The financial and tech industries spend more than double that amount. Your medical records contain nearly all of the information needed for thieves to steal your identity, from your address, full name, and Social Security Number, right down to credit card numbers. You would think with all of the privacy practices in place it would be hard for this to happen, but considering how many people can access your medical records at the hospital alone, you would be surprised. That’s just the people who should have access, and they’ve been fingerprinted and had a background check before they ever gained that access. Unfortunately, not everyone who has access to your information has been. Hackers can take your private information and make good money selling it.
To get a look at how big this problem really is, IDC’s Health Insights group predicted that one in three healthcare recipients would be the victim of a medical data breach in 2016. In the last two years, 89% of healthcare industry reported one or more data breaches -with 79% reporting two or more. The common data types are medical records, followed by billing and insurance records. The average cost of a healthcare data breach is about $2.2 million.
At one healthcare company, hackers were able to steal the information of 80 million people by using the login credentials of only 5 employees. The information being stolen was mainly patient’s Social Security Numbers, addresses, credit card numbers, and full names. All of the information needed to steal their identities. Investigators believe the hackers compromised the tech worker’s security through a phishing scheme that tricked the employee into revealing their passwords or downloading malicious software. Using this login information, they were able to access the company’s database and steal files. Luckily the hackers were found in the system and their efforts were stopped.
Related post: FingerPrint Analysis
The healthcare industry as a whole has been looking into ways to make your information more secure for years, and with the help of biometrics may have found a way to do it. By making everyone who needs to have access to patient medical information log-in to their computers using their fingerprints, it makes it nearly impossible for a hacker to get into the system. Hackers typically access the system by figuring out the passwords used to access it and by no longer using passwords they have a much harder time getting in. Since all healthcare workers have to be fingerprinted before being hired to work, implementing biometric fingerprint scanning instead of using passwords or ID badges to log-in and out of computer systems wouldn’t be that difficult. Using digital fingerprint scanning on all computer terminals would also be easier on healthcare workers because it would take less than two seconds to log in to the terminal instead of the time it takes to swipe an ID badge, which is easily misplaced or enter a long complicated password. The cost of the fingerprint scanner at each computer terminal would be costly, but not nearly as costly to them as a data breach would be.
Other options being explored are using computer behavior analysis that tracks what each person does on each computer, and analyzing that behavior and sending an alert when the person’s behavior deviates. Whether that’s by using a terminal they have never used before, accessing a different part of the system, or logging in from unknown locations. All of that is great, but it’s finding a problem after it has occurred.
It would make the system even more secure if they were to combine behavior analysis with biometric fingerprint scanning