In the first five years of Obamacare, 11.7 million people purchased new insurance plans and 10.8 million more people gained Medicaid coverage, according to analysis published in the journal Health Services Research.
This is fantastic news for health. But it also gives me heart palpitations. You see, healthcare providers, often small and unsophisticated, are the weakest link in the computer security chain – and more patient records makes providers more at risk from attack.
The vulnerabilities are easy to see. Even today, you walk into surgeries and see filing cabinets left half-open, leaking private information for anyone to pilfer while your doctor or dentist steps out for a moment.
Many healthcare providers are moving to electronic systems. But often these still require paper input, and many suffer from weak points in digital security that are far more serious than the analogue equivalent.
Although much of our healthcare is provided by the state, much of it is also local. Small town health centres, clinics and dental surgeries may provide a friendlier service – but they are poorly equipped to implement electronic systems with any sufficient level of security measures.
As recent worrying research by Trend Micro illustrates, it is smaller cities that boast a larger number of exposed digital devices. Small practices lack the buying power and often the requisite know-how to procure document management and networking systems that serve them in the best way while also securing patient records from outside interests.
Why does Obamacare matter? Because, by widening patient access, the Affordable Care Act is also massively multiplying the number of digital patient records on file and targeted for attack.
Patient records are a valuable hack target because they contain so much personal information usable for identity theft. If a hacker can access your social security number, driving license and other such details, he/she can piece together your identity using provable credentials required for things like credit card applications or bank access – something which could ruin your life.
The problem is growing. Last year, $16 billion was stolen from 15.4 million US consumers, according to Javelin Strategy & Research’s 2017 Identity Fraud Study. Identity theft specifically is up by 47% since 2014, suffered by almost half a million Americans, and the overwhelming majority of those cases involves the use of citizens’ government documents.
There is a reason for that. Everyone is aware of the big identity theft cases involving hacks of Target, Wells Fargo, Bank Of America and the like. But, as large private institutions like these fall victim, they are also able to review and improve their security measures, albeit belatedly.
Small healthcare providers, then, will become the honeypot that hackers become attracted to. They have too few resources to hire a cybersecurity head, and are currently processing such an influx of patient records that they likely are not even considering the implications.
Your doctor’s surgery doesn’t need to be as big as Wells Fargo to be an attractive hacking prospect. If the security is weak enough and the contents valuable enough, a bank of just a dozen accessible records is all some nefarious hacker may need to score a credit card in your name.
Just like healthcare itself, there is no silver-bullet solution. But the most effective way to strengthen the weak links will be to deliver more healthcare at the state or national level, reducing the vulnerability of hard-pressed local practitioners.A big, well-resourced digital system, into which data is entered and is centrally managed, is a more secure system than thousands of individually weak surgery databases with “hack me” signs on the front door.
Such a system is not beyond the realms of possibility, if the powers that be can make it so. We live in a world where technologies like Apple Pay have implemented an entirely new method of transacting in just a few short years.
Currently in the UK, the government has made available a single online account system, called Government Gateway, for millions of citizens to access public services online. Such a program should not be considered Big Government but, rather, secure services.
The debate over the future of healthcare is far from over. And the good news is that this could be an opportunity to reboot the system in a way that retains healthcare provision and adds a much stronger security imperative.