Five tips for defending your online privacy in healthcare

By Bertalan (Berci) Mesko, MD, PhD

This guest post is part of the Festschrift of the Blogosphere celebrating HealthBlawg’s Tenth Blogiversary. Festschrift posts are appearing throughout the month of June 2016.

According to studies by PWC and the SANS Institute, 94% of healthcare organizations have been victims of a cyber-attack. As we use more and more devices from smartphones to wearable sensors, our online privacy can have a very real impact on our health and well-being. When hacked, even simple wearables can yield private information about our vital signs and reveal personal health problems and insight into our habits (like when we regularly go running) that’s best kept from the public eye. More threatening are the findings of security researchers who managed to prove that a deadly overdose of medication could be administered remotely via a vulnerability in certain insulin pumps.

Let’s see the dangers facing our health information, and a few easy tips you can use to boost your privacy levels quickly.

The dangers facing healthcare privacy

Arxan recently surveyed trends and dangers threatening the privacy of healthcare data.

How to protect healthcare privacy – simple tricks and tips

Luckily, there are a few steps you can take today to protect your health information. Here are the five most important tips and tricks.

1) Two-step verification on social media

We share a lot of sensitive information on social media with fellow patients and loved ones about our health. Studies show that most of our social media channels are poorly protected by weak passwords. It’s alarming to think how easy it is to learn when we feel ill, received positive results on a test or what side effects we’re suffering from on treatment.

Setting up two-step verification for social media accounts is one of the simplest security tricks, yet it might be the most impactful method for keeping health information private. All the major social media channels allow users to set this additional protection up in seconds. It means knowing my password will not give you access to my profile, as you will also need the code sent to my phone at every login attempt.

2) Check who you give permission to access your data.

We give permission to access our accounts and information to applications, games and services as if it didn’t matter. It does! With our smartphones and wearables logging our vital signs and physical activities ever more dutifully, it’s easy to leak important information if a service gets hacked, or simply reveal it unknowingly by allowing it to make our data public. Go to mypermissions.org to see what third parties you have already given access to your email address, contact list and more. You can revoke any permissions you don’t like with a click.

3) Know who you buy a device from

My bank account is probably more interesting than my blood pressure measurements, but there are certain details of my life I don’t want to share with anyone. And there is a bigger chance for a fitness tracker coming out of a garage to get hacked than that with millions of users already. Check the company’s profile, and whether they are HIPAA compliant and/or were approved by the FDA.

4) Harden your passwords

Old cliché, but according to recent research, it still counts for a majority of people who use passwords that are very easy to crack. You can use tools to create hardened passwords and use others to keep them safe.

5) Don’t just click on it

If a link in an email or website looks suspicious, it’s best to ignore or report it, as so-called “phishing” attacks have been increasingly used to target healthcare and insurance information. If you hover over the link with your cursor, your web browser will show you the URL behind it. And if it looks bad, please don’t click on it. But even if it looks correct, beware of emails asking you to divulge sensitive account information and ask your service provider’s help desk to clarify why they need you to do so. Cyber-criminals are using increasingly convincing, but fake emails and websites to trick you.

The simplest trick of all is being vigilant. Constantly look for ways of keeping sensitive information safe and know the risks of being active online. This is the best you can do to defend your privacy.

Bertalan Mesko, MD, PhD is the Medical Futurist. A geek physician with a PhD in genomics and an Amazon Top 100 author, he envisions the impact of digital health technologies on the future of healthcare, and helps patients, doctors, government regulators and companies make it a reality.