While most of us are horrified at the number of large insurers whose computer systems and customer databases have been hacked, there may be something positive in the findings. FierceHealthPayer reports that the hacks of the past two years have begun to make it clear to payers the extent of their exposure. In an article entitled “Expert: News of Excellus hack shows healthcare sector better at detecting breaches,” Leslie Small reports on an interview with David Damato, chief security officer at security and systems management company Tanium. Mr. Damato’s point is that hacks have been going on for a number of years. Companies are only now developing tools that allow us to detect the intrusions . . . and hopefully prevent them in the future.
While this article is encouraging on the one hand, it is also quite frightening. Our personal data is all over the internet, sometimes in fairly secure environments like bank web sites, other times in totally insecure places like social media sites that we all know and love/hate. We have naively trusted that the sites we use are secure. Perhaps that is an unreasonable expectation on our part. Perhaps we need to take responsibility for protecting our information before, during, and after the fact.
On August 26, 2015, I wrote about things we consumers of healthcare services can do to safeguard our protected health information (PHI). One very simple action that I mentioned is getting our free credit reports from the three major services. In the past I have gotten all three at once. This year, I have decided to follow a suggestion I found on the credit report site. Instead of downloading all at once, I have entered three reminders in my calendar. I just got my first report in August and have a reminder for August 2016. The second reminder is for 4 months from now. I will get the second report then. The third report will be downloaded in 8 months. That will let me see any unusual activity in three different snapshots during the course of a year. It is not a perfect arrangement, but it is free.
For those who want to be more careful, subscribing to one of the services that keeps an eye on any unusual activity on your credit report is a good way to proceed. Here are a few other simple things you can do to increase the security of your personal information.
- Use only ‘strong’ passwords. Take a look at this 2 minute video to see how to do that.
- Use a password manager that can generate strong passwords for you and store the ones you have used.
- Do not put private information in email. Most email is not secure. Use secure email if you must communicate private info by email.
- Be careful about what you post on social networks.
- If your personal information is stolen, follow the steps provided by the Federal Trade Commission (FTC) on their website and in this document.
As Sergeant Phil Esterhaus used to say on Hill Street Blues, “Let’s be careful out there.”