More than hackers trying to breach your personal data, hospitals, doctors’ offices and even insurance companies could be leaking out your identity, new research shows.
Researchers from Michigan State University (MSU) and Johns Hopkins University found that more than half of the recent personal health information, or PHI, data breaches were because of internal negligence by medical providers, not because of hackers or external parties.
“This could be an employee taking PHI home or forwarding to a personal account or device, accessing data without authorisation, or even through email mistakes, like sending to the wrong recipients, copying instead of blind copying or sharing unencrypted content,” said lead author John (Xuefeng) Jiang, Associate Professor at MSU.
“Hospitals, doctors’ offices, insurance companies, small physician offices and even pharmacies are making these kinds of errors and putting patients at risk,” Jiang said.
For the study, published in JAMA Internal Medicine, the team reviewed nearly 1,150 cases between October 2009 and December 2017 that affected more than 164 million patients in the US.
The cases fell into six categories: theft, unauthorized access, hacking or an IT incident, loss, improper disposal or other.
More than half of the cases (53 percent) were triggered by internal negligence, while one quarter were caused by unauthorized access or disclosure, more than twice the amount that were caused by external hackers, Jiang said.
Of the external breaches, theft accounted for 33 percent with hacking credited for just 12 per cent.
While tight software and hardware security can protect from theft and hackers, following procedures such as transitioning from paper to digital medical records, safe storage, moving to non-mobile policies for patient-protected information and implementing encryption can help mitigate this crime, the researchers suggested.