How much are your emails worth to hackers? Well, according to Forbes, a stolen credit card number is worth 25 cents on the black market, whereas electronic medical health records could be worth hundreds — or even thousands — of dollars. But with more and more patients requesting private health data via email, what’s a healthcare provider to do? Get email encryption like that offered by Microsoft Email from GoDaddy.
Globally, healthcare providers are a prime target for hackers. Unlike credit card theft, which can be easily rectified with the victim's bank, healthcare data breaches pose much more risk and have the potential for some serious damage.
The cyberwar on healthcare
Digital thieves use a type of malicious software called ransomware to hold critical healthcare data and systems hostage. These cybercriminals have successfully extorted busy hospitals by seizing their electronic records so they can’t be accessed by doctors or nursing staff. Access is only reinstated when the hospital agrees to pay a seven-figure ransom.
Cyber thieves also target emails sent to patients and other medical facilities.
But that’s not the only trick hackers have up their sleeves. They can also intercept email messages sent from health providers to patients or other medical facilities in an effort to harvest private patient data.
Why health providers?
It’s easy to see why healthcare information is worth the trouble. Healthcare providers handle massive amounts of protected health information (PHI) about patients. This includes:
- Medicare card number
- Linked bank accounts
- Electronic health records (e.g. pathology results)
- Digital images and scans
- Prescriptions
- Patient admission and scheduling details
Once harvested, this data is sold on the darknet. Even routine emails with patients can be intercepted for identity theft or for other fraudulent activities.
You’re required by law to protect patient health information.
As set out in Australia’s Privacy Act 1988 (Cth), healthcare providers are expected to take reasonable steps to protect records of personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
If you provide any health service and hold any health records, you’re considered a ‘health service provider’ in Australia. This means you’re required by law to keep all health information safe from interception or “eavesdropping” by third parties.
The challenge is that health service providers are increasingly receiving email requests for information from patients, other clinicians and third parties.
While emailing is a quick means of communication, it does leave the door open for theft and misuse of data.
Recommended steps
The Office of the Australian Information Commissioner recommends health service providers implement at least one of the following steps:
- Display your privacy policy prominently at your practice and keep copies of the policy available at reception.
- Hand a copy to all new patients when they register with you.
- Refer to the policy (and how to obtain a copy) in your registration forms, collection notices and other consent forms.
For more information, consult the OAIC’s Guide to developing an APP privacy policy.
Protect patient emails with Microsoft Email
General Practices and other healthcare providers might not always appreciate the risks associated with using standard unencrypted emails in the healthcare environment. As all health information is sensitive by nature, all communication of health information, including via electronic means, must adequately protect the patient’s privacy.
The Royal Australian College of General Practitioners recommends GPs email personal medical information to patients “using desktop software encryption or via a secure website.”
One way to do this is by using the Office 365 encryption add-on GoDaddy provides for use with its Office 365 Email accounts. This encrypts the contents of any email sent from your official email account. To read the message, your recipient must log in to a password-protected portal to view it. This technology uses the same level of 256-bit encryption used by some of the largest banks and corporations to protect their data.
Office 365 Email from GoDaddy is ideal for anyone who provides health services to clients or patients, from GPs to sole practitioners who provide health-related services.
The Online Essentials and Business Premium plans include:
- World-class data security and spam filtering to keep dodgy emails out of your inbox.
- Business email addresses that match your practice’s domain name.
- Large email storage capacity of 50 GB, plus contacts and shared calendars.
- Web versions of the popular Office suite, including Word, Excel, PowerPoint and OneNote, which can be used on the go.
- GoDaddy expert support to help set it all up and troubleshoot for you.
It’s important to note that all of GoDaddy’s O365 Email plans work with the encryption add-on.
If there is any doubt that their communications could be compromised, patients might discontinue your services. You can increase their confidence by showing you’re serious about protecting their private data from theft.
It’s not worth the risk. Protect patient data today
Now more than ever, it’s critical that personal data is protected at all times.
Whether you’re a solo operator or a large hospital, every health service provider is at risk from cybercriminals looking to steal their patients' data. It might have already happened and you’re not even aware of it!
With healthcare providers receiving more and more requests via email, using high-quality encrypted email like Microsoft Office 365 from GoDaddy is a must.