APMA News - March/April 2019 - A3

SUPPLEMENT TO APMA NEWS

YOUR APMA / PAGE 3

IS YOUR PODIATRY PRACTICE CYBER SECURE?
By PICA Risk Management
Part one in a three-part series.

With the increased use of technology
in health care comes the increased
risks of cyberattacks and cyber
liability, as well as regulatory
investigations, fines, and penalties.
Anything created, stored, or
transmitted electronically is at risk
of being compromised by an innocent
mistake or-worse yet- maliciously
stolen by a criminal. When it come
to data breaches, not all industries
are on equal ground. Some have
traditionally been much bigger targets
than others. The bigger targets
include health care, and by extension,
podiatry.

ccording to a recent compilation of
data breach statistics, 1.9 billion data
records were stolen or lost in 918 data
security incidents worldwide during the first
half of 2017. That's approximately 11 million
data records every day; 437,815 data records every hour; 7,297 data
records every minute; or 122 data records every second. Of those
918 data security incidents, 808 occurred in the United States, and
228 of them-approximately 25 percent-were breaches of medical
or health-care information, accounting for more than 31 million compromised patient data records.1

Many people don't believe-or understand why-medical
information is valuable or at risk

very large organizations have exposed anywhere from several hundred
to several million patient records. Likewise, cyberattacks on small solo
practices-though frequently in the range of several hundred to several thousand-have exposed tens of thousands of patient records with
a single breach. As an example, a podiatry group in Illinois discovered
an unauthorized user accessing its computer records in 2015. By the
time the breach was discovered, more than 26,500 patient records
had been compromised.4

Podiatry records, like any other type of medical record, are targeted because they contain a variety of patient information:
Social Security number, financial, health, demographic, and
family information. This information offers criminals many potential uses for the stolen information, including identity theft and
applying for credit cards, store accounts, or other lines of credit.
They also use the information to purchase medical equipment and
pharmaceuticals that can be resold-or to masquerade as health-care
providers to fraudulently bill health insurers or the government for
fictitious medical care. One cybersecurity expert estimates that a
medical record can fetch hundreds or even thousands of dollars on
the black market. A credit card number may go for as little as a quarter of a dollar, and a Social Security number for as little as a dime.2

In the next installment, learn about the specific security risks
associated with EHR systems.

Big or small, all health-care organizations are at risk
The size of the entity does not necessarily determine the size of the
breach. Large health-care systems, hospitals, facilities, surgery centers, group practices, and individual health-care providers have all
been attacked. One need only reference the HIPAA data breach "wall
of shame" to verify the truth of this assertion.3 Data breach incidents at

1 "First Half 2017 Breach Level Index Report: Poor Internal Security Practices
Take a Toll," September 20, 2017, https://www.gemalto.com/press/pages/
first-half-2017-breach-level-index-report-identity-theft-and-poor-internalsecurity-practices-take-a-toll.aspx, accessed May 22, 2018.
2

Mariya Yao, "Your Electronic Medical Records Could Be Worth $1000
To Hackers," Forbes, April 14, 2017, https://www.forbes.com/sites/
mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth1000-to-hackers/#c2b077350cf1, accessed May 22, 2018.

"Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information," US Department of Health and Human Services
Office for Civil Rights, https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf,
accessed May 18, 2018.

"Illinois Valley Podiatry Group warned 26,588 patients after contractor
hacked," DataBreaches.net, March 23, 2016, https://www.databreaches.
net/illinois-valley-podiatry-group-warned-26588-patients-after-contractorhacked, accessed March 1, 2019.

For more information, contact PICA's Risk Management department
at 800-251-5727.

https://www.gemalto.com/press/pages/ first-half-2017-breach-level-index-report-identity-theft-and-poor-internalsecurity- practices-take-a-toll.aspx https://www.gemalto.com/press/pages/ first-half-2017-breach-level-index-report-identity-theft-and-poor-internalsecurity- practices-take-a-toll.aspx https://www.gemalto.com/press/pages/ first-half-2017-breach-level-index-report-identity-theft-and-poor-internalsecurity- practices-take-a-toll.aspx https://www.forbes.com/sites/mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth-1000-to-hackers/#c2b077350cf1 https://www.forbes.com/sites/mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth-1000-to-hackers/#c2b077350cf1 https://www.forbes.com/sites/mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth-1000-to-hackers/#b3706bf50cf1 https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf http://www.DataBreaches.net https://www.databreaches.net/illinois-valley-podiatry-group-warned-26588-patients-after-contractorhacked https://www.databreaches.net/illinois-valley-podiatry-group-warned-26588-patients-after-contractorhacked https://www.databreaches.net/illinois-valley-podiatry-group-warned-26588-patients-after-contractorhacked

APMA News - March/April 2019

Table of Contents for the Digital Edition of APMA News - March/April 2019