Toronto Healthcare IT Services
Cybercrime continues to wreak havoc in the healthcare sector. Are you working with the right Toronto healthcare IT services to keep your patient data secure? A recent PayPal scam at an eye clinic shows exactly how vulnerable healthcare organizations can be.
Secure Healthcare IT Services In Toronto
An eye clinic in Utah is doing damage control in the wake of a data breach that has affected up to 20,000 of its patients. The PayPal-based scam, which occurred approximately 18 months ago, exposed patient emails, and possibly other personal information as well.
The attack targeted Utah Valley Eye Clinic’s third-party portal, sending a false letter to patients to confirm that a PayPal payment had been received. Private data such as names, addresses, dates of birth and phone numbers may have been accessed by cybercriminals.
Incidents like this show why Toronto healthcare IT services can’t focus only on standard, basic cybersecurity measures like firewalls and antivirus. They also need to consider third parties and patient portals.
Are Your Toronto Healthcare IT Services Protecting Your Patient Portal?
The patient portal is a secure website through which patients can access their electronic health record (EHR). Additionally, depending on the type of medical practice and software involved, the patient portal may also allow for a range of different associated tasks to be carried out, such as requests for prescription refills, appointment scheduling, and direct messaging.
In the report, “The State of Patient Identity Management”, the surveyed healthcare organizations reported using the following security measures in patient portal authentication processes:
- Username and password (93%)
- Knowledge-based authentication questions and answers (39%)
- Email verification (38%)
One of the best ways to add security to user authentication processes is with Multi-factor Authentication (MFA). MFA requires the user to utilize two methods to confirm that they are the rightful account owner.
There are three categories of information that can be used in this process:
- Something you have: Includes a mobile phone, app, or generated code
- Something you know: A family member’s name, city of birth, PIN, or phrase
- Something you are: Includes fingerprints and facial recognition
Are your Toronto healthcare IT services handling this for you?
Are Your Toronto Healthcare IT Services Considering Third-Party Security?
Regardless of how secure you may be, the third parties that access your patient data need to be secure as well. Do you know if they are?
You need to. In fact, it’s part of your compliance regulations. No matter how much you may have invested in your security and compliance, it won’t amount to anything if your business associates aren’t doing the same.
That’s why you need agreements with all your vendors. Without them, you could end up like any of the following real-world examples of third-party data breaches:
- Ransomware Hits Hundreds Of Dental Practices: Near the end of the summer, hundreds of dental practices across the US were infected with malware. Over the course of the weekend, hackers penetrated the target systems, and by the time staff came in for work Monday morning, their patient data was inaccessible. Instead of targeting the dental practices directly, hackers went after a digital “bottleneck” of sorts – the developers of software that so many practices use, DDS Safe. This medical record retention and backup solution is meant to help practices manage their patient data, but the hackers turned it against them.
- Northwood Email Compromised: This medical equipment benefits administrator had its employee email breached this past summer, affecting more than 15,000 patient records. The cybercriminal in question had access to the data for at least three days, calling into question how much of it may have been compromised.
- Cancer Treatment Centers of America Email Hack: A cybercriminal gained access to this organization’s data for 11 days – and this is the third time CTCA has been breached. In this instance, at least 4,000 patient records were compromised.
- American Medical Collection Agency Hacked For 8 Months: More than 25 million patients’ information was exposed over the course of an eight-month hack.
Don’t make the mistake of assuming your healthcare organization is low-profile enough to avoid a cybercriminal’s crosshairs. Even if you are (and again, you aren’t), your business associates probably aren’t. That’s why you need the right Toronto healthcare IT services on your side.