Posts

RightPatient-can-mitigate-the-costs-of-a-healthcare-data-breach

Healthcare Data Breach Cases Lead to Medical Identity Theft – How Are You Protecting Patients?

RightPatient-can-mitigate-the-costs-of-a-healthcare-data-breach

Anyone who knows about the US healthcare system also knows that it has always been riddled with issues, even before the COVID-19 pandemic hit. Astronomical costs, the lack of price transparency, and the insurance system are not the only problems. Poor healthcare outcomes, preventable medical errors, medical identity theft, duplicate medical records, and lack of interoperability also plague healthcare facilities across all states. While we have covered many of these topics at one point or another, this time we will focus on healthcare data breach cases. Let’s take a closer look at recent healthcare data breaches, why providers are being targeted so frequently, how they generate medical identity theft, and how healthcare providers can protect patient data even after breaches.

RightPatient-can-mitigate-the-costs-of-a-healthcare-data-breach

Healthcare data breaches are becoming increasingly common

When the pandemic hit the US healthcare system, many hackers had pledged that they won’t attack healthcare providers and steal patient information – something that was unprecedented. However, not all of the hackers shared the same mindset, and there have been many healthcare data breach cases over the past few months. As a result, healthcare providers are having to fight multiple battles at the same time. Let’s review two of the recent attacks.

UHS reportedly suffered a huge breach

Pennsylvania-based Universal Health Services, a health system that consists of 26 hospitals, suffered a breach. On the 30th of September, they stated that some of the systems had been recovered. While there are no specifics as to how many patients were affected, the health system was forced to go offline on all of its locations to reduce the risks. However, it is working tirelessly to restore the affected systems.

Ashtabula County Medical Center

The Ohio-based medical center also suffered a cybersecurity attack on the 27th of September which forced it to cancel procedures.

What are healthcare providers saying regarding data breaches?

Many are stating that healthcare data breach cases are becoming quite common and they need better cybersecurity measures to reduce these unwanted events. While cybersecurity has always been a concern of CIOs and IT leaders, the budgets don’t allow them to realize their visions of having breach-free health systems. Moreover, they are expecting even more data breaches in the future, as they don’t see data breaches going away anytime soon. Sadly, the problems do not end here.

Protect-patient-data-and-prevent-medical-identity-theft-with-RightPatient

Healthcare data breaches generate medical identity theft

Data breaches are huge nightmares for any healthcare provider. The worst part is that they’re inevitable, and even the biggest health systems can be vulnerable – hackers are constantly uncovering new strategies to attack and steal patient information. 

After stealing the patient information, fraudsters buy it from the black market and they assume the identities of the patients. Not many healthcare providers have effective patient identity management systems, so scammers can easily pass themselves off as the patients, since they have their credentials. If providers use effective patient identification platforms, they can prevent medical identity theft in real-time. Thus, while data breaches are inevitable and, without proper cybersecurity measures, unavoidable, medical identity theft can be prevented.

RightPatient mitigates the losses associated with data breaches

Using a robust photo-based engine, RightPatient ensures accurate patient identification using the feature fraudsters or hackers cannot steal or imitate: patients’ faces. 

The platform can also identify patients right from appointment scheduling – patients are asked for a personal photo and a photo of their driver’s license after scheduling an appointment. After patients provide the photos, RightPatient matches the photos to verify the patient’s identity to see if they are who they say they are. If a fraudster is assuming the identity, RightPatient red-flags the anomaly, preventing medical identity theft in real-time. New patients are provided with biometric credentials, making it a seamless process.

If the patients are coming in person to the healthcare facilities, all they need to do is look at the camera. RightPatient matches the new photo with the saved one – if it’s a scammer, RightPatient red-flags the incident, preventing medical identity theft. It ensures a touchless and hygienic environment for everyone, something that is mandatory in a post-pandemic world.

RightPatient is enhancing patient safety, protecting patient data from being corrupted, and improving healthcare outcomes. Mitigate your losses, prevent medical identity theft, and enhance patient safety now with RightPatient.

protecting-patient-data-is-challenging-for-hospitals

Protecting Patient Data is a Topmost Priority During the Coronavirus Pandemic

protecting-patient-data-is-challenging-for-hospitals

The last few months have been excruciating for the whole world due to the COVID-19 outbreak. Hospitals have been working tirelessly, tending to the unprecedented number of patients coming in. However, that has not stopped them from experiencing unwanted incidents like data breaches. However, even in this scenario, protecting patient data is a must. 

Protecting-Patient-Data-is-possible-with-RightPatient

An example

On March 20, University of Utah Health started notifying a number of its patients regarding a phishing incident followed by a malware attack. Back in February, the provider detected unusual activities on their employees’ email accounts. After conducting a thorough examination, they concluded that an outsider gained unauthorized access to those employees’ email accounts between January 7 and February 21.

The outsider did this by acting as a trusted source. Thankfully, the U of U Health was successful in securing the affected accounts. Some of the patient data, which was potentially exposed consisted of patient names, DOB, medical record numbers, as well as some clinical information. 

However, that was not the end of the data breach.

After detecting the phishing attack,  U of U Health found out that an employee’s machine might have contained downloaded malware on February 3. After scrutiny, the experts at  U of U Health stated that the malware potentially allowed access to parts of patient data, just like the previous one – names, DOB, medical record numbers, as well as some clinical information.

The matter is still being investigated, and however, U of U Health stated that they did not find any evidence that the affected patient data was misused. The healthcare provider is making changes to ensure that such unwanted incidents do not happen again. 

That is just one healthcare provider. There are numerous that are still facing data breaches, even during the coronavirus pandemic. The crisis makes it ripe for hackers to steal sensitive patient information, as hospitals are having a hard time dealing with the whole situation at hand.

Medical identity theft issues 

The hackers can steal patient data, and either use it for their purposes or sell it to other parties. The outcome is medical identity theft – someone else assumes the identity of the patients and uses healthcare services, which were initially meant for the patients. Medical identity theft causes the victims to receive shocking bills for services they never used. It can also lead to the healthcare providers being hit with lawsuits by the patients, claiming that the providers did not protect their sensitive patient data well enough. 

How are hospitals protecting patient data?

This is where RightPatient can help. With this contactless patient identification platform, medical identity theft can be prevented easily. RightPatient uses biometric data (such as iris) to store medical records along with capture photos of the patient. Later on, all a registered patient needs to do is look at the camera – RightPatient identifies the accurate medical records within seconds and provides it to the hospital staff. Even in the case of a data breach, patient records are locked with the patients’ biometric information. Thus, also if a third-party assumes the identity of the patient, the platform will immediately detect the fraudster – preventing medical identity theft and protecting patient data.

Also, it is of paramount importance that hygiene is maintained within hospitals, which is why RightPatient’s contactless identification platform makes it ideal for detecting accurate patient records during this crucial time without causing infection control issues. 

At the Becker's Conference, learn how RightPatient prevents patient fraud

At the Becker’s Conference, learn how RightPatient prevents patient fraud

At the Becker's Conference, learn how RightPatient prevents patient fraud

The Becker’s 2017 (and 3rd annual) Health IT & Revenue Cycle Conference is only a few days away! Needless to say, we’re excited, and it’s not just because George W. Bush and Sugar Ray Leonard will be there. The conference has a great lineup of speakers, presentations, and, ahem, vendors like RightPatient that will be providing a wealth of information on a variety of important topics.

The timing of this conference could not be better considering the recent Equifax data breach, which puts over 140 million Americans at risk of identity theft. This has serious implications for healthcare, but the good news is that patients and providers can mitigate their risk with RightPatient.

Since our inception, we have always recommended Photo Biometrics with RightPatient and have never deviated from that position. This didn’t come out of left field; we are, by far, the most experienced vendor in our market segment with 15 years of experience in biometric technology. We have worked with many biometric modalities, implemented our technology in projects around the world, built some massive biometric matching systems, and generally know this stuff inside and out. That’s why we always knew what was best for healthcare and had a vision of how Photo Biometrics would be used with our platform to transform the way that patients are identified.

 

RightPatient accurately identifies patients by simply capturing their photo. At provider locations, this is critical to prevent identification errors and medical record mix-ups that affect patient safety, revenue cycle, and data integrity. With 1,000 patients dying each day from preventable medical errors and hospitals writing off millions of dollars annually from denied claims and patient fraud, health systems should have an easy time justifying RightPatient.

But, for good measure, we now have the Equifax breach. Patient fraud was already a serious issue with 2-10% of patients showing up at the ED and providing false information (I’m looking at you, frequent flyers). We’ve heard countless stories from customers before they implemented RightPatient about frequent card sharing and outright fraud that was costing them millions in annual write-offs (RightPatient has since eliminated these issues). With the personal data of over 140 million Americans now compromised, how much easier will it be for someone to obtain care, access healthcare information, or gain a medical record release under a stolen identity?

Here’s the bigger question – why deal with any of these risks at all? For a small monthly fee, healthcare providers could implement RightPatient and solve these issues. When patients interact with their providers, RightPatient captures their picture and accurately identifies them. The service is contactless (ideal for hygiene/infection control), supports mobile devices (e.g. EMTs, unconscious patients, home health visits), and the patient photos that RightPatient simultaneously captures deliver unparalleled value in various ways.

If you have a chance, stop by our booth #1003 at the Becker’s Conference to check out why RightPatient is transforming patient ID in healthcare and to learn about our vision. We look forward to seeing you there!

Mhealth-requires-strict-patient-identificaiton-like-RightPatient

UCLA Breach Reinforces Importance to Protect Patient PHI

Mhealth-requires-strict-patient-identificaiton-like-RightPatient

It’s probably unfair to say that the recent UCLA Medical Center data breach that potentially exposed the personal health information (PHI) of 4.5 million patients was a wake up call for the healthcare industry to implement tighter data security protocols. In fact, it wasn’t a wake up call at all.

Healthcare data breaches have proliferated over the last five plus years, and the Health and Human Services (HHS) public “wall of shame” list of healthcare data breaches involving 500 or more individuals is…well….let’s just say a tad crowded. Since HHS began the list in 2009, 1,265 breaches exposing the records of nearly 135 million people have made the list. Ouch. The UCLA data breach isn’t groundbreaking news, it is simply another chapter in the long novel of healthcare data breaches that have placed millions of patients at risk by exposing their PHI and in some cases, social security numbers and personal demographic information. 

Mhealth-requires-strict-patient-identificaiton-like-RightPatient

The recent UCLA data breach is a strong reminder that healthcare organizations should consider the use of biometrics such as facial or voice recognition to protect patient PHI on mobile devices and patient portals.

The UCLA breach also foreshadows rising demand for tighter security protocols to protect PHI from unauthorized access on patient portals, mobile devices, and other new touchpoints. This rise of additional patient touchpoints to access PHI has vaulted establishing tighter security controls into the spotlight beyond traditional means of authentication. History has shown that username/password-based security is inadequate on mobile devices, yet healthcare organizations continue to adopt technology that uses this method to authenticate patients. Considering the high stakes to protect patient PHI, the UCLA data breach wasn’t a wake up call – it moved the needle to protect patient PHI to Defcon 1. 

The HIPAA Privacy Rule mandates that healthcare organizations secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. The introduction of touchpoints such as patient portals and mobile devices changes the dynamic of protecting patient PHI because it demands adopting strategies that include using modern patient identification systems yet many healthcare organizations continue to rely on antiquated security solutions.  

Healthcare organizations must now consider patient identification systems that can address accurate authentication at each and every touchpoint along the care continuum, far beyond simply implementing technology that covers patient ID at office visits. 

Accurate-patient-identification-enhances-PHI-security-RightPatient

Implementing accurate patient identification when accessing PHI from mobile devices and patient portals must balance strong security with convenience and speed, which is why technologies such as facial and voice biometrics are gaining popularity. The use of biometrics to protect patient PHI is a smart investment, especially if healthcare organizations deploy a solution that offers the flexibility to be used during hospital/office visits and on each and every touchpoint a patient now has the ability to utilize as a means to access health data. Biometric patient identification solutions offer stronger security than user names and passwords and have proven to be more efficient and convenient by eliminating the need and frustration to remember multiple login credentials.

As we experience a sharp rise in patient driven interactions within the healthcare system that offer more avenues for criminals and hackers to access PHI, it is critical that healthcare organizations implement modern identification solutions that have the ability to better protect this information. Biometrics to protect patient PHI is quickly gaining attention as a security solution that can serve this need. Although it’s impossible to determine whether or not biometrics could have helped prevent hackers from obtaining access to protected patient PHI in the UCLA data breach, the use of this technology can help to offer a secure layer of protection that can deter hackers from even attempting to try.