Collector - July 2017 - 30


Healthcare Data at Risk
Is your PHI protected from data security threats?
By Chris Byers


n a 2014 report, McAfee Labs found
that medical records were 10 to 20 times
more valuable to hackers than a credit
card number because they held copious
amounts of sensitive personal data.
Unfortunately, not much has changed
in the intervening years. Hackers are
still targeting electronic protected health
information (PHI) and each week we hear
about a new healthcare data security breach.
In one incident, a Southern California
hospital was forced to pay a $17,000 ransom
to have its network restored. In another, a

In one Independent Security Evaluators
experiment, IT security consultants
infiltrated a computerized medicine
dispensary by dropping off malware-filled
USB sticks stamped with the hospital's logo.
In another, the same team filled patient
portal form fields with malicious code to be
triggered when viewed by a doctor or nurse.
Mobile security (or lack thereof) is also
to blame. A 2016 study found that eight in
10 Google Play diabetes apps lacked privacy
policies, and a recent survey of healthcare
professionals found that more than 80 percent

cyberattack breached 3.7 million patient
records. In 2016 alone, the healthcare
industry averaged nearly four data breaches
per week.
Healthcare data is at high risk, which
means it's a critical time for Health
Insurance Portability and Accountability Act
compliance, Web form security and other
healthcare IT measures. Here's what you
need to know.

are fearful of mobile cyberattacks involving
blastware, ransomware and malware.

Most healthcare data hacks begin with an
unsuspecting employee doing something as
simple as opening an email attachment from
a legitimate-looking address or viewing a
patient record over an unsecure network.


Access to PHI is a hacker's dream. A
single medical record offers countless
black market opportunities, including
prescription abuse, insurance fraud and
identity theft. Healthcare providers often
lack the sophisticated backup systems that
are common in other industries, which
make them prime targets for cybercrime.
As a result, the Brookings Institution has
predicted that one in 13 patients will be
impacted by provider data breaches by 2019,
in part because federal mandates forced so
many practices to adopt electronic health

records before they were ready to adequately
invest in IT security. According to the report,
it's not uncommon for facilities to share
large sets of data because they lack the time
and resources to filter out who should have
access to patient information.

For starters, choose your vendors carefully.
Web forms must be HIPAA compliant,
privacy policies should be in place and
digital tools should meet high security
standards. Healthcare institutions must
understand that their patients' data is
incredibly valuable. At the very least, they
need the same security measures now
protecting other sectors.
Bottom line: It's up to each healthcare
organization to take steps to ensure its PHI
is secure. Instead of assuming your vendors
have a variety of security measures in
place to safeguard medical information, be
prepared to ask questions such as:
* How are emails and Web traffic
* How is "at rest" data protected?
* What steps are you taking to ensure we
remain HIPAA compliant?
* What security measures, such as SSL
and advanced password protections like
2FA, are available for online forms?
* How is information protected as it flows
from one user to another?
Taking the time to think through these
issues and implement the appropriate data
protection programs is essential to the future
of PHI security.
Chris Byers is the CEO of Formstack, an
Indianapolis-based company offering an online
form and data-collection platform. Prior to
Formstack, Byers co-founded an international
nonprofit that was built via remote relationships
among partners in Europe, Africa and the U.S.



Table of Contents for the Digital Edition of Collector - July 2017

Industry News
Best Practices
Collection Tips
What’s in Your Policy?
State Licensing Laws: What’s New and Trending
The Question of Rule 68
Honor Roll
Healthcare Data at Risk
ACA Members Meet in D.C. to Advocate on Behalf of Industry
Fixing What’s Broken
Credit Listening Considerations
U.S. Supreme Court Hands Collection Industry a Win in ACA-Supported Case
ACA SearchPoint
Last Word
Collector - July 2017 - Cover1
Collector - July 2017 - Cover2
Collector - July 2017 - 1
Collector - July 2017 - 2
Collector - July 2017 - Upfront
Collector - July 2017 - Industry News
Collector - July 2017 - 5
Collector - July 2017 - 6
Collector - July 2017 - 7
Collector - July 2017 - Best Practices
Collector - July 2017 - 9
Collector - July 2017 - FYI
Collector - July 2017 - 11
Collector - July 2017 - Collection Tips
Collector - July 2017 - 13
Collector - July 2017 - What’s in Your Policy?
Collector - July 2017 - 15
Collector - July 2017 - 16
Collector - July 2017 - 17
Collector - July 2017 - 18
Collector - July 2017 - 19
Collector - July 2017 - State Licensing Laws: What’s New and Trending
Collector - July 2017 - 21
Collector - July 2017 - 22
Collector - July 2017 - 23
Collector - July 2017 - The Question of Rule 68
Collector - July 2017 - 25
Collector - July 2017 - 26
Collector - July 2017 - 27
Collector - July 2017 - Calendar
Collector - July 2017 - Honor Roll
Collector - July 2017 - Healthcare Data at Risk
Collector - July 2017 - 31
Collector - July 2017 - ACA Members Meet in D.C. to Advocate on Behalf of Industry
Collector - July 2017 - 33
Collector - July 2017 - 34
Collector - July 2017 - 35
Collector - July 2017 - Fixing What’s Broken
Collector - July 2017 - 37
Collector - July 2017 - 38
Collector - July 2017 - 39
Collector - July 2017 - Credit Listening Considerations
Collector - July 2017 - 41
Collector - July 2017 - U.S. Supreme Court Hands Collection Industry a Win in ACA-Supported Case
Collector - July 2017 - 43
Collector - July 2017 - Compliance
Collector - July 2017 - 45
Collector - July 2017 - ACA SearchPoint
Collector - July 2017 - 47
Collector - July 2017 - Last Word
Collector - July 2017 - Cover3
Collector - July 2017 - Cover4