What happens when you try to opt out of e-health to avoid issues in the event of a breach?
Healthcare hacks are particularly insidious. When hackers get the data, they hack you – or at least the closest facsimile there is of you. And unless you lie on your health records (and even then, there are checks), they contain very accurate details on you. While these breaches are considered inconvenient for healthcare providers, they are far more troubling – and hard to recover from – for you. So what happens when you try to opt out of e-health to avoid issues in the event of a breach?
Good luck. It’s hard to do. Very hard.
I recently had an allergic reaction to some routine antibiotics, over a weekend. I called my provider. They sent me to a website to type in some very personal details. I refused. They wouldn’t talk to me. They said I could come in to the clinic, but all I needed was a couple-of-minute consult with an expert and my health situation made it difficult to travel. They didn’t care. I asked about talking through it on the phone. No way. They claimed their e-health system was secure. I told them what I do for a living. They didn’t care.
If everything is so secure in e-health, why are its providers perennially in the headlines for being hacked? Breach after breach. The difference is that while you can reset your password, you can’t reset who you are without more surgeries than a Hollywood starlet. And while that may be an interesting movie plot (possibly even desirable), it also seems more difficult than the option of not allowing access to your health information to begin with.
There’s nothing wrong with using the best e-health tools we have – at least once the doctors and staff have been brought up to speed and understand security. We’re not there yet. Meanwhile, tech folks are improving security, but socially engineering medical staff seems like low-hanging fruit for the attackers. And for those in the security industry – with our paranoia levels turned up to 11 – relying on those in the health industry, who none-to-infrequently ask us silly security questions, makes us very afraid. The kind of afraid that probably makes our reaction to medicine worse. Maybe? I never did find out.
The good news (my wife alleges) is that I lived, and my situation didn’t take a turn for the worse.
There is a story told where an elderly person developed serious health complications and went to the emergency room for help. It turns out it was heat related. Someone offered that it would probably save tens of thousands of dollars in healthcare costs to pay the few hundred bucks to have the patient’s air conditioner fixed, thereby skirting the expensive alternatives. This is that kind of thing.
Healthcare security will be a challenge we all need to lean into for the foreseeable future, but there’s no such thing as perfect security. And when it comes to your health, no one cares more than you do about protecting it, and the records that represent what’s happening to you. So while we applaud new initiatives that folks can opt in and take advantage of if it makes sense for them, forcing one-size-fits-all in an imperfect security world seems a step too far.
Also, I should stop crushing part of my foot with large falling objects, hence requiring me to need antibiotics, but that’s another story…
written by Cameron Camp, ESET We Live Security