The EquiFax breach really has me angry. Mostly because I have no control over any aspect of this mess. EquiFax scoops up data on all of us without our consent. They seem unaccountable and untouchable. With a last name like mine, I’ve had many opportunities to dispute incorrect data on my credit reports, which is always time consuming and irritating. They make it known how unimportant you are and assume you are “guilty” unless you prove otherwise. They collect data on all the people in the U.S. old enough to make purchases using credit, and they don’t even bother to encrypt it! Worse yet they didn’t even bother to patch their systems after they had several breaches earlier this year! Talk about arrogant!Is EquiFax just one bad apple? Sadly, they are not. Historically, industries with self-certification of compliance to data protection regulations have woefully low compliance. Government surveys say the healthcare industry is about 15 percent compliant! With respect to the credit card industry, they are better than the healthcare industry by a whopping 5 percent! Eighty percent of businesses fall short. The insurance and financial industries currently have NO regulations to protect your data! The “good news” is regulations are being drafted and are being implemented starting with New York state.
I hope EquiFax is a tipping point for the consumers in our country! It’s time we take control of our data and demand it is properly protected. Nothing seems safe when each morning news declares there is another data breach and the North Koreans launched another missile! It is alarming and discouraging. But I shouldn’t have to give away my hard-earned credit score to buy that shiny new toy for my man cave (I wish!) for a low price on the Internet. I shouldn’t have to worry that my most confidential data is in jeopardy because I had my annual physical! Should I buy that insurance policy to protect my family, or will the data I provide on the application fall into the hands of cybercriminals and cause significant damage to my family?
Going forward, I will do my homework when purchasing online by selecting reputable companies and not chasing the lowest price. I will ask my doctor when was the last time his practice did a security risk assessment and all staff had cyber security training? Does their medical system encrypt the data at all points (most don’t)? I will look at my financial and insurance companies with a skeptical eye and make informed decisions. I will also add my voice to the Equifax failure to better protect my children and their future.
I encourage you to take our confidential free mini-Risk Assessment to see how compliant your organization is. Should you discover you aren’t as compliant as you had hoped, contact us at compliance@thirdrock.com. We’d be happy to help you improve your score and protect your patients, your practice, and yourself!