Data security breaches on electronic devices at healthcare facilities can prove costly.

Personal devices pose security threat for patient information

Stephen Perkins

Physicians, dentists and other medical professionals will have to remain extra vigilant in guarding against any breaches to their online data backup under new guidelines for the Health Insurance Portability and Accountability Act.

The revised law gives healthcare providers until Sept. 23 to migrate their patient records to an cloud-based data backup service and promises to impose heavy fines on physicians and the online backup services they use if a data breach compromises patient records.

A recent study by Verizon found that while 95 percent of data breaches that occurred in the healthcare industry over the last two years came from outside sources, most breaches occur not at the remote backup site but rather at point-of-sale servers and terminals that medical professionals use to enter data into their records.

Despite standards that are meant to limit data storage of credit card information on these devices, medical professionals still use them to enter data into offsite data storage. Attackers can compromise these devices by looking for vulnerabilities and inserting backdoors or malicious software such as keyloggers into the system to gain access to unencrypted payment information.

Medical professionals need to be aware of these threats and take action to protect the data of their clients, Denise Amrich wrote in ZDNet. While there were some breaches noted in the Verizon study that targeted patient healthcare records, the majority of the data storage breaches involved financial information.

"While these results may be hard to believe initially, remember that doctors' offices and small clinics (which were the majority of those organizations breached) tend to take in real money in the form of credit cards, cash and checks for both self-pay customers and for the co-pay portion of the visit cost," Amrich wrote. "So, while insurance companies are reimbursing some of the expense, the amount that the insurance carriers leave on the table has become quite attractive to organized criminals."

Categories: Cloud Backup, Data Protection, Online Backup, PC Backup, Server Backup