Health Data Breach Update: What Are the Causes?
Phishing Still a Major Culprit, But Other Challenges Emerge
… “Hackers have stepped up their efforts during the pandemic – tricking people – especially telecommuters who may be new to the ‘work at home’ concept – to click on a link, open an attachment, download an app, etc.,” says Tom Walsh, president of consulting firm tw-Security.
… “We cannot presume to know the reason for the doctor moving to a different organization, but what is often not mentioned in any type of privacy or security training is ‘whose information is it, anyway?”’ says Susan Lucci, senior privacy and security consultant at tw-Security.
“Some providers may assume that once they treat patients, they have rights to all their information. It appears that in this case, the physician downloaded only information that would be beneficial to alert the patient of the physician’s new practice, not that it was downloaded for continuity of care. The personally identifiable information belongs to the facility, and they have a duty to protect it. Release of any confidential information must take place through appropriate channels and authorization.”
… The COVID-19 crisis also raises the possibility of new insider breaches, Walsh says.
“Users will snoop to determine if anyone they know has tested positive for COVID-19,” he says. “Also, because of isolation of patients within the hospital, some may resort to snooping the EHR to find out a condition of a patient that is a relative, friend, co-worker or neighbor.”