How to Protect Yourself from Healthcare Data Breaches

Posted on July 13, 2023

As I do every day, I sat down with my morning coffee to go through inbox emails. Always paying attention to and being on the lookout for topics related to health care. Given that I live in Florida, this Florida Trend Headline caught my attention. Florida patients among 11 million affected by HCA Healthcare data breach

As I do every day, I sat down with my morning coffee to go through inbox emails. Always paying attention to and being on the lookout for topics related to health care. Given that I live in Florida, this Florida Trend Headline caught my attention.

Florida patients among 11 million affected by HCA Healthcare data breach

Unauthorized users posted data on roughly 11 million HCA Healthcare patients in 20 states, including Florida, to an online forum. The company believes the data was stolen from an external storage location to automate email messages.

“According to the company, an unauthorized party gained address to 27 million rows of data stored at an external location that is used to automate company email messages. The compromised data included patient names, cities, states, ZIP codes, dates of birth, telephone numbers, and email addresses, according to the company’s statement.”[i]

These breaches continue to impact the healthcare sector at alarming rates, even as healthcare organizations continue to adopt the last security solutions to keep pace with the influx of new cyber threats. The healthcare sector suffered about 295 breaches in the first half of 2023 alone, according to the HHS Office for Civil Rights (OCR) data breach portal. More than 39 million individuals were implicated in healthcare data breaches in the year’s first six months.[ii]

Healthcare data breaches can occur in various ways. These are some of the common types:

· Cyberattacks: This involves unauthorized access to healthcare systems or networks by external actors who exploit vulnerabilities to gain access to sensitive data. Examples include hacking, phishing, ransomware attacks, or malware infections.

· Insider Threats: Breaches can occur due to actions by individuals within the healthcare organization, such as employees, contractors, or vendors, who intentionally or unintentionally access, use, or disclose patient information without authorization.

· Physical Theft or Loss: This refers to incidents where physical devices or documents containing sensitive healthcare data, such as laptops, mobile devices, or paper records, are stolen, lost, or improperly disposed of.

· Third-Party Breaches: Healthcare data can be compromised through breaches that occur at third-party entities, such as business associates or subcontractors, who handle or have access to patient information on behalf of healthcare organizations.

· Insider Data Misuse: This type of breach involves the intentional misuse or unauthorized access of patient information by individuals within the healthcare organization for personal gain, financial fraud, or other malicious purposes.

· Unintended Disclosures: Breaches can occur when patient information is unintentionally disclosed to unauthorized individuals or entities through email errors, misdirected faxes, or other communications mishaps.

· System Misconfigurations: Inadequate security configurations or misconfigurations of healthcare systems, databases, or software can lead to data breaches if they leave vulnerabilities exposed to potential exploitation.

It’s important to note that these types of breaches are not mutually exclusive, and a single breach incident may involve multiple factors or methods. Even when healthcare organizations and their partners implement robust security measures, regular risk assessments, employee training, and strict privacy policies to mitigate the risk of data breaches and safeguard patient information.

As consumers, there are certain steps we can take to protect ourselves and mitigate the potential impact of healthcare data breaches. Here are suggestions and actions to consider:

1. Monitor Personal Health Information. Regularly review your medical records, explanation of benefits (EOB) statements, and any communication from healthcare providers or insurers. Be vigilant for any suspicious or unauthorized activities. Report any discrepancies immediately to your healthcare provider or insurance company.

2. Protect Personal Devices. Keep your smartphones, tablets, and computers secure with strong passwords or biometric authentication. Enable encryption and install reputable security software to safeguard your personal information.

3. Be Cautious with Sharing Information. Do not share personal health information online or in response to unsolicited requests. Verify the legitimacy of requests before sharing any personal data.

4. Secure Online Accounts. Use strong, unique passwords for your online healthcare accounts, and enable two-factor authentication whenever possible. Regularly monitor your accounts for any unauthorized access or suspicious activities.

5. Be Mindful of Phishing Attempts. Be cautious of phishing emails, text messages, or phone calls that request personal information or direct you to click on suspicious links. Be skeptical of unsolicited communications, particularly those that create a sense of urgency or alarm.

6. Report Suspicious Activity. If you suspect that your personal health information has been compromised or you become a victim of a healthcare data breach, report the incident to your healthcare provider, insurance company, or the appropriate authorities. Promptly reporting any potential breaches can help protect others and initiate necessary actions to mitigate the impact.

7. Consider Identity Theft Protection. Consider subscribing to identity theft protection services that monitor your personal information and provide alerts for any suspicious activities related to your healthcare data.

8. Stay informed. Pay attention and stay updated on news related to healthcare data breaches and security incidents. Follow reliable sources such as official healthcare organizations, government agencies such as the U.S. Department of Health and Human Services (HHS.gov), National Institutes of Health (https://www.ncbi.nim.nih.gov.), and reputable news outlets can provide valuable and up-to-date information.

It is important to note that while we can take proactive measures to protect our health information, the primary responsibility for preventing data breaches lies with healthcare organizations, providers, and relevant authorities. By advocating for stronger data security measures and supporting regulations prioritizing patient privacy, we can contribute to improving healthcare data protection.

[i] Christopher O’Donnell, Florida patients among 11 million affected by HCA Healthcare data breach. July 10, 2023. Florida patients among 11 million affected by HCA Healthcare data breach (tampabay.com)
[ii] Biggest Healthcare Data Breaches Reported This Year, So Far. June 26, 2023. https://healthitsecurity.com/features/biggest-healthcare-data-breaches-reported-this-year-so-far