Shield Health Care Group is a provider of MRIs and related medical imaging services. A few of the company’s clients include the New England Patriots and Boston Celtics.
In early 2022, the Massachusetts company reported a data theft that affected over 2 million people with the affected patients seen at 56 different facilities.
One medical security expert said, “Imaging is a heavily used diagnostic tool, so a large number of affected facilities and patients is not a surprise.”
According to Shields, an unknown actor gained access to their system for two weeks.
The type of data compromised included names, social security #’s, birthdates, addresses, and medical records with insurance information.
Upon learning of the breach, the company took steps to secure its computer systems.
The reality is that medical providers are a popular target for cyber-attacks because they have a lot of personal information.
Cybercriminals go after the biggest target, since the more data they can steal means the payoff is bigger.
According to a security analysis, as many as 83% of internet-connected medical imaging devices are vulnerable to cyber-attacks.
This includes devices from MRI machines to mammogram devices.
The problem with these devices is that they have a very long life, so the medical imaging device at your doctor’s office could be old.
And if it’s not updated to the latest security software it could be exposed to hackers.
One cybersecurity expert said, “It’s like having a permanently broken window on the side of your house—you never know when someone might slip in.”
It’s estimated that at least 1,763 health care providers were hit in 2020 and 2021.
Lately, telemedicine has become popular, which has also played a role in cyber-attacks against medical facilities.
That’s because now all the patient information is on the network, which makes it a big target.
Moving forward, as more of our medical services go online, medical cyber-attacks will become even more frequent and dangerous.
Plus, as the latest medical technologies become more prevalent, such as robotic surgery, there will be more attacks.
Considering this, here are a few things you can do to protect your medical information.
Avoid the apps:
Hospitals, doctors, and telemedicine providers use smartphone apps.
Chances are they want you to download their apps to provide your information, take surveys, and complete paperwork.
But by using these apps you are opening yourself up to a new way to have your information stolen, since these apps are prime targets for hackers.
If you never download the app, there is nothing for them to steal.
So, don’t use these apps unless you have no choice, because once you share your data with these apps you cannot take it back.
However, if you absolutely must use medical apps, read the fine print to see what you are agreeing to.
Never use their Wi-Fi:
Public Wi-Fi is dangerous enough… but public Wi-Fi at the hospital or doctor is even more dangerous.
Again, this is because medical providers are such a big target, so when you are at these facilities it’s better to use your phone data and VPN and stay off the Wi-Fi.
A hacker would rather focus on a hospital or doctor’s office than a coffee shop because the data from a hospital is going to be a lot more valuable.
If you will be spending an extended amount of time at the hospital, consider getting a hotspot device.
Guard your insurance card:
A lot of medical apps will want a picture of your insurance card, and your medical provider might also ask you to email a copy of your card.
You have no choice but to give your provider your insurance card but try to ensure your insurance card is not everywhere – provide your card only when you must.
Ask the provider if they will be making a paper or digital copy of your card, and never keep a picture of your card on your phone or an app.
When you digitize your insurance cards this makes it easier for hackers to steal and seek care in your name.
Cybersecurity is more important than ever when it comes to medical imaging and care, and the companies that own medical devices need to make cyber security a priority.
In the meantime, these steps can reduce the chances of a criminal accessing your data, including your medical diagnoses.