When it comes to healthcare records and PHI—personal health information—your business should already be very careful about data storage and access, whether the records are stored digitally or physically. But chances are you’re already well aware of that.
What you may not know is this incredible fact: a single medical record is worth an average of $50 on the black market—more than a credit card, personal identity, and social security number combined.
Values of Personal Information on the Black Market
To help break this down, first check out the following list of the black market values of basic personal information:
- Medical record: $50
- Name and password for online bank account: $1000
- Mag-stripe data from credit card: $80
- Mother’s maiden name: $6
- Social security number: $3
What’s more, here are some startling statistics on health data breaches:
- Health data breaches in the U.S. increased 97 percent in 2011 over the year before
- In 2011, a total of 385 incidents across all 50 states affected over 19 million people
- The average cost of resolving a case of medical record theft in 2011 was $20,663
- The annual economic impact of such breaches could be as high as $7 billion
Data breaches of personal health information, then, aren’t just a small problem: they’re practically an epidemic. With about 255 health information exchanges—computer networks designed to keep your PHI within easy reach to doctor’s offices across the nation—in the United States, criminals now have a new target, one that’s good by design but could be deadly in the wrong hands.
Laws surrounding PHI storage and destruction are very strict, and for good reason: in gaining access to a person’s health care records, a hacker has “in one fell swoop, acquired almost full reign of a person’s identity.” With that in mind, it’s easy to understand why PHI is so valuable on the black market.
Luckily, there are measures a company can put in place to help prevent such attacks, keeping medical records out of the wrong hands. Alex Horan, the senior project manager at CORE security, recommends that your company do the following:
- Implement password guidelines
- Deploy a prioritized security, privacy, and vulnerability assessment
- Pinpoint exact vulnerabilities by targeting key systems which involve patient data
- Proactively ensure awareness against social engineering
- Establish clear policies on data storage and encryption
And of course, one of the most important steps to securing personal information your company may hold is to securely destroy old data and information with a certified service provider, like DataShield. Develop a process that enables secure destruction of sensitive information.
We Can Protect Your Personal Information
In doing all of the above, your business should be relatively safe from any data breaches involving PHI. To make sure, though, contact DataShield today: our compliance consulting services will make sure that your company has the best measures in place for avoiding such attacks, keeping your business safe and keeping the PHI you manage in the right hands.
