You are here

Social Media Posts Put Hospitals at Risk of Cyber Attacks

Hackers mine online photos for sensitive data

The age of social media has put hospitals and health systems in the difficult position of trying to ensure that pictures posted online don’t inadvertently expose patient data or give hackers enough information about a physician to gain access to login credentials, according to an article posted on the FierceHealthcare website. The news source interviewed Don Lindsey, vice president and CIO of Tallahassee Memorial Healthcare, at the Healthcare Information and Management Systems Society (HIMSS) 2017 conference in Orlando, Florida.

The most common problem, Lindsey said, is the resident-turned-physician who proudly posts a picture of his or her badge online. Hackers can use the badge information, combined with social engineering, to impersonate that clinician and gain access to the hospital’s medical records, he pointed out.

Lindsey told FierceHealthcare that his facility is looking to partner with local colleges and universities to provide education to incoming doctors and nurses, along with real-world examples of social media posts that could expose the hospital to a breach. Meanwhile, the hospital’s in-house training serves as the primary barrier against clinicians posting their information online.

“The human factor is the hardest part,” he said. “You’re only as good as your security-awareness training program.”

In related news, HealthLeaders Media reports that health care data breaches in the U.S. have risen by 40% since 2015.

Last month, a U.S. attorney announced federal charges against more than 100 suspected health care fraudsters in Florida. One of them, a former secretary at the Jackson Health System, was accused of stealing the Social Security numbers of more than 24,000 patients over the course of five years. She was placed on administrative leave in 2016.

According to a recent report from the Identity Theft Resources Center (ITRC), a nonprofit group located in San Diego, California, the health care/medical industry experienced 377 data-breach incidents in 2016, behind only the business sector in the number of incidents. The health care industry represented 34.5% of the 1,093 breaches reported among the five industries tracked in the report.

According to data provided to HealthLeadersMedia by the ITRC, hacking was the most common data-breach source for the health care sector. Insider theft and employee error/negligence tied for the second most-common data-reach sources in 2016 in the health industry. In addition, insider theft was a bigger problem in the health care sector than in other industries, and has been for the past five years.

Insider theft is alleged to have been at play in the Jackson Health System incident. Former employee Evelina Reid was charged in a 14-count indictment with conspiracy to commit access-device fraud, aggravated identity theft, and computer fraud. Prosecutors said that her coconspirators used the stolen information to file fraudulent tax returns in the patients’ names.

Sources: FierceHealthcare; February 22, 2017; and HealthLeaders Media; February 21, 2017.

Recent Headlines

Despite older, sicker patients, mortality rate fell by a third in 10 years
Study finds fewer than half of trials followed the law
WHO to meet tomorrow to decide on international public heath emergency declaration
Study of posted prices finds wild variations and missing data
Potential contamination could lead to supply chain disruptions
Declining lung cancer mortality helped fuel the progress
Kinase inhibitor targets tumors with a PDGFRA exon 18 mutation
Delayed surgery reduces benefits; premature surgery raises risks
Mortality nearly doubled when patients stopped using their drugs