Healthcare and PII: They’ve Seen You Naked

February 6, 2015 | Patrick Bedwell

With the recent Anthem data breach that has grabbed our attention, the topic of how Healthcare organizations protect your Personally Identifiable Information (PII) has moved to the forefront. In many ways, having bad actors acquire your PII is far worse than having them simply steal your credit cards.

Stolen credit cards, you can cancel – easily and usually without cost. Stolen PII – not so simple. With your PII, or the PII of your kids, bad actors can set up new lines of credit that you can be unaware of for months or years.

Even though Anthem has pledged to help with free credit protection for those of us affected, it took them 8 days to communicate this breach. In addition, it will take a while for them to arrange credit protection for us. So the situation is dire.

The PII a Healthcare provider has usually includes the social security number, date of birth, address, home phone, work phone, and mobile phone for everyone in your family covered by that provider.

Fortunately, in the case of Anthem, it appears that Electronic Medical Records (EMR) were not breached. Don’t breathe a sigh of relief just yet, though.

Even without EMR, PII can be used to impersonate you. Armed with the PII that Healthcare providers typically possess, bad actors can do quite a bit more than acquire new lines of credit on your behalf. They can also use your family’s PII to create new identities and secure state or federally issued identification documents, such as driver’s licenses or passports. Imagine waking up one morning to learn that you’re now a prime suspect in a crime half-way around the world. Sure, you didn’t do it, but Google searches on your name are going to be a drag for the Rest. Of. Your. Life.

And, by combining PII from a Healthcare provider with readily available social media information, such as pictures, likes/dislikes, and favorite books and movies, they have a wealth of data at their disposal to perfect their ‘legend’ about you.

In the not-too-distant future there will likely be healthcare provider breaches that give bad actors access to EMR data as well. That means they will know quite a bit about the naked you, such as allergies, weight, height, surgical history, diseases you’ve had – even what your blood pressure is. The prospect is enough to elevate anyone’s blood pressure.

A breach of a Healthcare provider has the potential to be devastating for you and your family, because providers possess so much intimate information about you – your naked self. With your Healthcare info, plus social media and other readily-available information, what is left to the imagination? What is left of you that is a secret to bad actors?

What can and should be done

Healthcare providers need to invest in both prevention and detection of data breaches. As a security vendor, we have technologies to help. AlienVault Unified Security Management (USM) is an all-in-one platform designed and priced to ensure that mid-market organizations can effectively defend themselves against attempted data breaches and other threats. AlienVault Open Threat Exchange (OTX) is an open threat information sharing and analysis network that provides real-time, actionable information to help identify malicious third parties looking to steal data.


About the Author: Patrick Bedwell

Patrick has been working in information security for over 17 years, creating and executing marketing strategies for both startups and public companies.
