An Urgent Plea From a Patient

Oct 24, 2024 at 09:51 am by steve


By Kristin Shoe

Like most families of four, mine has had its share of occasional appointments and procedures involving a medical clinic or hospital over the years. I am no stranger to HIPAA consent forms, health insurance benefits, and medical billing. Every single time, those visits require us to fill out forms that include birth dates, driver’s license and social security numbers, medical history, and other sensitive information. With my thoughts consumed by questions I have for my doctor or anxiety about having blood drawn, the last thing I want to worry about is whether my Personal Health Information is protected adequately.

Unfortunately, the statistics should worry every healthcare consumer. In 2023, health data breaches hit an all-time high, affecting as many as 133 million individuals. Last year, on every single day, there was an average of two attacks that affected more than 500 health records. The reality is that many more attacks occur at smaller clinics and often go unreported, despite a HIPAA requirement to report them. Often, these breaches prove to be much larger than initially thought, meaning that these statistics likely represent conservative estimates.

We have all received data breach notifications in which our personal information has in some way been stolen, but medical records are by far the most valuable treasure for cyber criminals. These stolen records can be monetized in a variety of ways, including:

Clearly, a victim of any of these crimes could find himself in a tangled web of insurance problems, credit reporting errors, medical collections activity, and identity assassination. I once spent several months and many phone calls struggling to clear up a billing discrepancy between my provider and my insurance company over a legitimate claim. Imagine the problems posed by fraudulent claims filed under your insurance after a breach.

Unweaving and repairing the damage from cybercrime is stressful and time-consuming, often involving legal action to clear one’s name and recover damages. Sometimes the damage is permanent. In a 2023 breach at Lehigh Valley Health Network in Pennsylvania, for example, nude pictures of approximately 600 men and women, along with Social Security numbers and other personal information, were stolen and published across the Dark Web. The hospital recently settled with plaintiffs for $65 million for failure to protect highly sensitive health details. Many of the most deeply affected victims reported anxiety, sleep disruption, and anger. 

As a patient, I urge medical clinics, hospitals, and other healthcare companies to follow and to take seriously all security and HIPAA recommendations. Our IT/Security company meets regularly with healthcare clients and prospects, and unfortunately, I cannot say that this is always the case.  Comprehensive security and compliance offerings from our company are not inexpensive, but what does the revenue loss total if your clinic cannot function for two weeks because of a ransomware attack? How much do the resulting fines and lawsuit settlements cost? Can you even put a price on the resulting loss of reputation to your business?

If you’re ready to audit your security and compliance strategy, we can help.  Give us a call at (205) 623-1200 or visit www.sipoasis.com to learn more.

Kristin Shoe is the Director of Marketing for SIP Oasis.
