Welcome back to Week 3 of Cybersecurity Awareness Month. This week we are discussing securing Internet-connected devices, specifically in the realm of healthcare.
Healthcare records are some of the most sought-after items sold on the dark web.
The industry is highly profitable because these records contain detailed personal information allowing the criminals who obtain them to commit healthcare fraud, identity theft, and prescription theft, to name a few.
On top of this pre-existing risk, this year has introduced a rapid set of changes as healthcare attempts to catch up with technology. Innovation in wellness apps, telemedicine, and the emergence of electronic health records have revolutionized the way we interact with our doctors and care team -- but the big question is:
Is it secure?
In the United States, information security in the healthcare industry is controlled by the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA.
HIPAA (along with the additional requirements passed into law as part of the HITECH act) creates a set of rules to keep your health information secure and private. Each care provider must follow these rules in order to protect you from threat actors.
Though providers must follow the rules, this doesn’t mean the devices you use to communicate with those providers are automatically protected. Assuring the security of your devices are your responsibility, so let’s talk about some ways you can accomplish this.
To ensure communications with your care team are protected, if possible, use your provider’s application or platform to send and receive messages (platforms like PowerChart or MyChart). Don’t use email unless you have a method to encrypt the message. Calling your provider is always safe, but texting has a small risk of being intercepted.
If you use home automation technology like Google Assistant or Alexa, be aware of the security compliance of your device. For example, Google Assistant is not HIPAA compliant, while Amazon’s Alexa is compliant.
Telehealth is the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, and public health and health administration. Nowadays, telehealth has become much more common as it enables remote healthcare offerings.
Telehealth is generally secure as it most commonly operates via the provider’s secure platform we discussed in the previous section, but you should still ask your provider if it is HIPAA compliant. If you record your session, make sure you are storing the recording in a safe place, and turn on 2-factor authentication for your login if it’s an option.
Some patients receive care via Internet connected devices like glucose monitors, pacemakers, and automated insulin delivery systems. If you use one of these devices, make sure you are using a strong and unique password, and ask your healthcare provider to verify the device is updated regularly.
Beware of Email
Phishing is still the number one way threat actors try to steal personal information. Emails from your healthcare provider will most likely route directly to their secure platform, not email messages from your provider directly.
Never click on links that are sent through the email, especially if something looks a little off. To be safe, call the sender to make sure the communication is genuine.
Health records have great value and are being stolen constantly for criminal use. Your doctor is doing what they can to protect your information; make sure you are following these recommendations to do your part as well.
Next week we will finish our series with a discussion about The Future of Connected Devices.
If you missed the two previous emails in this series, please use the links below to catch yourself up:
#1: Why Protecting Your Internet-Connected Devices at Home is Important
#2: Securing Devices at Home and Work