Special Report: Is your information safe at the doctor's office?
In the wake of major data branches in the last few years, you may be more hesitant to give out personal information. There is one place you don't have a choice, however - the doctor's office. As it turns out, dozens of companies could have access to those files. Now, there's an easier way to track breaches.
"It's approaching, I would say, crisis-level almost," said Bruce Boyden, Associate Professor of Law at Marquette University.
A crisis that is impacting more than 17 million people in the United States in 2017.
"It's gotten to the point where just about everyone has been victim to an intrusion that has breached their personal information in some way," said Boyden.
Healthcare companies are required to report breaches by mail to everyone impacted, but there's an easier way to track those in just a few clicks.
The Health and Human Services Office for Civil Rights (HHS OCR) updated its online breach reporting tool this year to make it easier for consumers to track breaches and for healthcare organizations to report them.
As of November 3, in Wisconsin, there have been 11 large breaches impacting more than 100,000 people.
When you hear the term breach, hacking might come to mind. Theft is actually the most common, according to HHS OCR. Of breaches impacting more than 500 people, 39% are theft, 27% are unauthorized/access or disclosure, 18% are hacking/IT, 8% are loss.
Not all breaches are malicious. Boyden says unauthorized disclosure could be an employee looking at files without the proper credentials. Theft may or may not be for the files within the equipment. Regardless, it has to be reported.
"For every major breach you hear about on the news, there are probably 100 smaller breaches," said Boyden.
Most, if not all, of your medical records, are stored online, which makes way for increased cyber security threats.
"It's a gargantuan task to try to ensure all of that information is secure at all times," said Boyden.
As for what's being done to protect those records, CBS 58 reached out to local healthcare organizations who have been breached.
UW Health says: Although the breaches we experienced affected a small proportion of our patient base and did not involve financial data, we use these examples, as well as the numerous breaches incurred by our peer institutions, as incentive to continually protect our patient information by maintaining and enhancing a robust privacy and security program. We are committed to continual vigilance to reduce the risk of HIPAA information breaches taking place.
Aurora says: Aurora takes patient privacy seriously. In December 2015, one of our business associates, the American College of Cardiology, inadvertently disclosed some patient information to a vendor, affecting 1,400 institutions nationwide. We have no knowledge that the information was used for inappropriate purposes, and to prevent a similar reoccurrence, the ACC noted its comprehensive security awareness program focused on privacy and security, and provided us with a summary of steps it has taken to prevent this from happening again. We also offered, as a precautionary measure, one year of free credit monitoring and identity protection services in support of the individuals potentially affected, and we continue to monitor our vendors’ privacy and security measures as part of our Compliance and Integrity program.
And on its website, Briggs & Stratton said: Because we are committed to protecting your information and the information of your health plan dependents andinsurance beneficiaries, we have made arrangements to provide individuals with credit monitoring and identity theft services. You will automatically be provided with identity restoration services and may also opt to enroll in daily credit bureau monitoring. These services will be available to you for one year, at no cost to you.
New threats are constant, and in order to fight future breach battles, an educated workforce is essential.
"There's a tremendous need for professionals to be trained to take on the roles that are necessary," said Tom Kaczmarek, the Director of the Center for Cyber Security Awareness and Defense at Marquette. He's preparing students in Milwaukee for careers in cyber security to fill an impending void.
"People are talking about 2 million open jobs in 2020," said Kaczmarek.
As more businesses and records become digitized, Kaczmarek says more information is at risk.
"It's just more places that things can be attacked, and there are more people that need to be aware when they build those products, to build security into them."
Here's what you can do to protect yourself:
- Check your credit and bank statements regularly.
- Keep a close eye on your doctor's bills, statements, and explanations of benefits.
- If something looks suspicious, ask.
- Put a freeze or fraud alert on your credit if you are unsure of something.
To see all breaches reported within the last 24 months, click here.