Physicians urged to get serious about protecting patient data

SAN DIEGO — Physicians should lead the charge for data protection in their practices because the best firewall is a security-focused culture, cybersecurity advisor Larry Thompson told attendees here at the American Academy of Asthma, Allergy & Immunology annual meeting.

Thompson described patient data in terms of black market value to the thieves who buy and sell it. Personal health data is the most attractive target because “if they steal that [they] can really become that person because [they] know everything about that person.”

And that’s far more information than was stolen in the recent theft of Target store customers, Thompson said.

Larry Thompson 

Larry Thompson

Too many health care professionals believe too many cybersecurity myths, Thompson contends, and tend to worry about the operation, believing data security is “not part of the operation.”

But health care data is very much part of the operation for thieves, he said, because the average black market value of basic personal data is $28 per record. But data enriched with personal health information commands $50 per record on the black market.

Thompson reminded his listeners that there is a reason the FBI has a separate list of hackers called Cyber’s Most Wanted.

He also stressed that the cost of a breach can be devastating, including investigations, patient notification, ID theft protection and security monitoring, corrective action plans, management and staff distractions and damage to reputation.

Thompson said most physicians probably believe they “already do security” in some way. But he believes real protection requires a security-conscious culture that begins with showing employees how to protect their own computers and data so they are then more likely to bring the same secure habits to the workplace.

“Make it personal,” he said. “Most of the bad things that happened to a computer you have to do to your computer,” said Thompson, noting that hackers rely on well-known human factors that attract users to click on email attachments, download unregistered software or insert insecure portable memory devices.

Finally, he urged clinicians to backup all their data, password protect all wireless networks, use data encryption, protect devices from physical theft and consider a password locker or manager.

Disclosures: Thompson is a professional cyber security consultant.

For More information:

Thompson, L. #1701: Cybersecurity: Technology in Practice. Presented at the 2014 American Academy of Allergy, Asthma & Immunology annual meeting; Feb. 28-March 4, San Diego.

See more from American Academy of Allergy, Asthma and Immunology

See all meeting news coverage