Florida Hospital Data Breach Spotlights Urgency to Safeguard Identities, Not Just Payments 

So much of commerce has gone online, so many transactions are done digitally as the pandemic lingers, that it might be tempting to think that securing payments, naturally, would secure all other aspects of internet interaction.

Secure the bank account details, in other words — through tokens or by other means — and the rest ostensibly falls into place.

But recent headlines from the healthcare sector show that “identity information” — well beyond the confines of payments and financial services — is proving an attractive target for fraudsters.

As reported this week, the Broward Health hospital system has notified over 1.3 million patients that their personal information was exposed in a data breach dating back to Oct. 15.

Read also: Florida’s Broward Health Hit by Data Breach of 1.3M Patients’ Records

On New Year’s Day, the healthcare system said that names, addresses, phone numbers, Social Security numbers, bank account information and medical history data were all included in the breach. That wealth of information stolen spotlights the broad range of data that are contained within healthcare records, in one place.

We note that many aspects of healthcare have moved online as the pandemic hit hard in recent years — from booking appointments to onboarding payment details to bringing patients and providers together through telehealth appointments. But when more activity is done remotely, well, that opens up various points of access for fraudsters. In addition, there’s still a lot of friction in the process, where third-party apps require a range of usernames and passwords, across a range of devices.

The aforementioned datapoints that are contained within medical records, after all, can be used to craft synthetic identities, or can be used by bad actors to impersonate unwitting victims more easily than ever, across any number of interactions with companies and government organizations.

Less Friction, More Security   

The ability to give consumers a more friction-free online healthcare experience, while safeguarding data, meets reality in digital IDs. As is the case with so many aspects of the high tech realm, the “identity proofing” landscape is still a bit fragmented, with no clear standard in place. A number of providers have been tackling the issue of digital/biometric-driven identification.

In one example noted earlier this year, Mastercard and the medical management startup digital b.well Connected Health teamed up to offer consumers a secure way to confirm their identities when accessing services via smartphones. Mastercard’s ID Verification uses a combination of government ID, facial biometrics with liveness detection and mobile phone intelligence.

Read also: Mastercard Teams With b.well To Advance Secure Consumer Digital Health

We’ve spotlighted the various government initiatives that have been taking shape in recent months as the biometrics and mobile identification methods have been gaining ground. In Nigeria, for example,  the government recently reported that at least 66 million citizens and legal residents have received digital IDs in the form of national identification numbers (NINs) by registering their biometrics with the program. And PYMNTS’ own research has found that 44% of companies surveyed indicated that they were interested in boosting their digital identity trust reputations. It’s only a matter of time before some uniformity of approach to healthcare data takes shape — especially while the fraudsters sharpen their tactics and their attacks.