But let’s see where it comes from.
Because mobile devices are often a security weak point for organizations, QR codes designed to facilitate processes such as image file transfer can leave protected health data vulnerable.
Sophisticated bad actors can replace a genuine QR code with a clone that redirects users to a similar website where personal and patient data can be intercepted. They can also use email to embed their fraudulent QR codes in legitimate-looking emails, also known as “quishing.”
Healthcare IT News asked Sharat Potharaju, co-founder and CEO of Beaconstac, which offers a QR code platform, to discuss why matrix barcodes are attractive to cybercriminals and how healthcare organizations can protect patient data from being compromised through QR code exploits.
Q: What are QR code exploits and how vulnerable are healthcare IT systems?
A. “Scanning scams” have become almost daily, increasing more than sevenfold by 2022.
Phishing of QR codes, in particular, puts patients and healthcare organizations at risk of identity theft, data breaches and malware infestations. Cybercriminals trick patients or staff into scanning a QR code, which sends them to a website that looks legitimate and asks them to share personal information or login details.
Hackers steal sensitive information, such as medical records, insurance information, social security numbers or other personally identifiable information, to gain access to patient portals, provider networks and other digital services.
Because it has a market on the dark web, patient data is a very tempting target. In fact, a patient record sells for over $1,000 on the black market, depending on its level of detail. That dollar amount is nearly 50 times larger than standard credit card records.
Q: How can HIT block these exploits? Can healthcare organizations still use QR codes?
A. QR codes help organizations improve communication, transparency and information between providers, caregivers and patients.
To secure this technology, healthcare organizations should leverage a QR code generator with built-in features such as single sign-on, multi-factor authentication, custom domain, and user management.
The second critical piece is a QR code platform with incident management tools and security measures subject to periodic thorough audits.
However, education also helps block QR code exploits. Healthcare organizations should train their employees and patients on the safe use of QR codes, including how to identify and avoid phishing scams, malware and other security threats.
Q: How do we make patients and others feel cyber-safe using QR codes?
A. Encourage patients to verify the authenticity of the QR codes they scan before sharing personal information.
Many people open a link right after scanning a QR code without even checking the link, leading to privacy and security risks. Patients should check the website or app URL linked to the QR code or use a reputable QR code scanner app to confirm destination reliability.
Patients should also only scan QR codes from verified sources, such as their healthcare provider’s website, app or printed materials. If a QR code looks suspicious or comes from an unknown source, patients should not scan it.
Additionally, patients should exercise caution when sharing personal data, such as medical history or insurance information, via a QR code. They should only provide this information to trusted healthcare providers who demonstrate that the information is transmitted securely and encrypted.
Andrea Fox is a senior editor at Healthcare IT News.
Healthcare IT News is a publication of HIMSS Media.
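The interview's advice to check the linked URL before opening it, and to publish codes on a custom domain, can be automated in a scanner app or mail gateway. The following is an added example, not code from the article or from Beaconstac; the domain `qr.examplehealth.org`, the function names and the sample payloads are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organisation issues QR codes only on this custom domain.
TRUSTED_DOMAINS = {"qr.examplehealth.org"}  # hypothetical placeholder


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss lookalike hosts."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_qr_payload(payload: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a decoded QR string."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "untrusted"          # malformed URL
    if not host:
        return "untrusted"          # not a URL with a host (e.g. Wi-Fi payload)
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        # Right host, but still require HTTPS and no embedded credentials.
        ok = parts.scheme == "https" and parts.username is None
        return "trusted" if ok else "untrusted"
    netloc = parts.netloc.lower()
    for d in TRUSTED_DOMAINS:
        # Trusted name used as a decoy (userinfo or leading labels),
        # or a host one or two characters away from the real one.
        if d in netloc or _edit_distance(host, d) <= 2:
            return "lookalike"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner would decode them.
    for sample in (
        "https://qr.examplehealth.org/intake?id=1",
        "https://qr.examp1ehealth.org/intake",
        "https://qr.examplehealth.org@portal-login.example/",
        "http://qr.examplehealth.org/intake",
    ):
        print(f"{classify_qr_payload(sample):10} {sample}")
```

A "lookalike" verdict is the one worth alerting on, since it indicates a destination built to resemble the organization's own domain rather than an unrelated link.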
Data security is a major concern in the healthcare industry today, and organizations must take steps to prevent quishing and to protect patient information. This is especially important given the rise of new technologies, such as Artificial Intelligence (AI) and Machine Learning (ML). In this article, we will provide some tips for organizations to prevent ‘quishing’ and protect patient data.
First, when dealing with patients’ medical records, it is essential to ensure that all staff are properly trained to recognize threats, and know how to securely handle patient data. Organizations should implement policies that emphasize secure communication, and ensure that all sensitive data is handled securely and with proper authorization. Additionally, all data should be encrypted, and access should only be granted to authorized personnel. The use of multi-factor authentication is also highly recommended to provide an extra layer of security.
Organizations should also consider adopting cloud storage, as it can help to reduce the risks associated with accessing, sharing and storing patient data. Cloud storage is secure, resilient and can provide access to data almost anywhere in the world. Additionally, cloud storage allows for better storage availability and scalability, which can help improve efficiency in the long run.
Finally, organizations should also look into partnering with tech companies, such as Ikaroa, that specialize in data security. Companies like Ikaroa are experts in data security, and can assist organizations in securing their patient data. They can help organizations by providing advice on preventing ‘quishing’, secure data storage solutions and comprehensive data breach prevention strategies.
Data security is a constantly evolving field, and organizations must remain vigilant in protecting patient information. Implementing the tips outlined above can help organizations prevent ‘quishing’, and protect patient data. Organizations can also use Ikaroa’s services to ensure their data is secure and compliant with the latest industry regulations.