On the heels of massive data breaches experienced by Anthem and Premera comes an announcement from CareFirst BlueCross Blue Shield that it was the target of a cyberattack that compromised information of approximately 1.1 million current and former consumers. Also impacted were individuals who conducted business with the healthcare insurer online. Although the hackers gained access to a single unencrypted database, the breach is another reason for healthcare organizations to consider investing in managed security and compliance services.
CareFirst said that although the hackers gained access to customer names, email addresses and birth dates, they didn’t obtain sensitive financial or medical information such as Social Security numbers, credit card information or details regarding medical claims. Passwords also were not compromised.
Five ways to monitor protected health information (PHI)
While CareFirst is providing credit monitoring and identity theft protection services for those impacted by the data breach, the company is also urging individuals to “monitor and safeguard their personally identifiable information.” But what steps should you take to secure your protected health information (PHI) year round? HOSTING Chief Information Security Officer (CISO) Johan Hybinette lists five steps for safeguarding PHI.
- Monitor your credit – Reputable credit agencies such as Experian, Equifax or TransUnion will provide a free credit report once a year. Some will place fraud alerts on it if anyone has charged fraudulent medical bills in your name. They can also issue a credit freeze, only allowing access to your report with a personal identification number (PIN).
- Check medical records – Contact your doctor’s office, pharmacist and hospital to ensure your medical information is current and correct. Report any unauthorized changes to it immediately.
- Appeal refusals to grant you access to your medical records – If you are refused access to your medical records, it could be a sign of tampering. File an appeal with your medical provider immediately. You should be entitled to a “Notice of Privacy Practices” policy without cost. You can also file a complaint with the U.S. Department of Health and Human Services (HHS) at http://HHS.gov.
- Monitor your insurance benefits – Make a point of reviewing your health insurance benefits at least once per year (quarterly is good). Contact your insurer immediately if you see treatments listed that you never received.
- Watch your insurance premiums – Investigate higher premiums immediately as they can be a sign of false claims against your health insurance.
HOSTING Managed Security and Compliance Services™
Healthcare organizations have increasingly become prime targets for hackers due to the wealth of personal information they store in their databases, including medical claims records, Social Security numbers, and information about credit card and bank accounts. Additionally, a lack of resources and expertise often hampers healthcare organizations’ efforts to implement and maintain strong security measures.
HOSTING Managed Security and Compliance Services™ support healthcare organizations in the fight against data breaches and cyberattacks. The HOSTING team of certified security and compliance experts provides advanced levels of security and support across our hybrid cloud solutions to fully protect PHI and mitigate risks for healthcare customers subject to HIPAA regulations. Our solution suite includes comprehensive risk assessments, dynamic security and compliance monitoring, and round-the-clock access to a team of dedicated Tier 2 and Tier 3 support experts who are fluent in the complexities of securing healthcare data assets.
Unfortunately, Anthem, Premera and CareFirst are part of an exclusive club – one that no healthcare company can afford to join. Contact HOSTING for a custom quote on our managed security and compliance services. You can also download our complimentary white paper, Avoiding the Breach: What You Need to Know About Online Security, for more information.