Tricks to stop ‘quishing’ and defend affected person information

As a result of cell units are usually safety weak factors for organizations, QR codes which might be designed to ease processes comparable to image file transfers might go away protected well being information weak.

Refined unhealthy actors can exchange a real QR code with a clone that redirects customers to the same web site the place affected person and private information may be intercepted. They’ll additionally use e mail to embed their fraudulent QR codes into legitimate-looking emails, also referred to as “quishing.”

Healthcare IT Information requested Sharat Potharaju, co-founder and CEO of Beaconstac, which presents a QR code platform, to debate why the matrix barcodes enchantment to cyber criminals and the way healthcare organizations can defend affected person information from being compromised in a QR code exploit.

Q: What are QR code exploits and the way are healthcare IT methods weak?

A. “Scan scams” have turn into an nearly each day incidence, rising greater than seven instances in 2022.

QR code phishing, specifically, places sufferers and healthcare organizations in danger for id theft, information breaches and malware infestations. Cybercriminals trick sufferers or workers members into scanning a QR code, which sends them to a web site that seems professional and prompts them to share private information or log-in particulars.

Hackers steal delicate info, comparable to medical historical past, insurance coverage info, social safety numbers or different private identification information, to realize entry to affected person portals, supplier networks and different digital companies.

As a result of it has a market on the darkish net, affected person information is a really tempting goal. In actual fact, one affected person document sells for upwards of $1,000 on the black market, relying on its stage of element. That greenback quantity is almost 50 instances larger than normal bank card data.

Q: How can HIT block such exploits? Can healthcare organizations nonetheless use QR codes?

A. QR codes assist organizations enhance communication, transparency and data between suppliers, caregivers and sufferers.

To safe this expertise, healthcare organizations ought to leverage a QR code generator with built-in options like single sign-on, multi-factor authentication, customized area and consumer administration.

The second crucial piece is a QR code platform with incident administration instruments and safety measures topic to common complete audits.

Nonetheless, training additionally helps block QR code exploits. Healthcare organizations should practice their workers and sufferers on the protected use of QR codes, together with tips on how to establish and keep away from phishing scams, malware and different safety threats.

Q: How will we allow sufferers and others to really feel cyber-safe utilizing QR codes?

A. Encourage sufferers to confirm the authenticity of the QR codes they scan earlier than sharing private info.

Many individuals open a hyperlink proper after they scan a QR code with out even checking the hyperlink, which poses privateness and safety dangers. Sufferers must verify the web site or app URL linked to the QR code or use a good QR code scanner app to verify the vacation spot’s trustworthiness.

Sufferers must also solely scan QR codes from verified sources, comparable to their healthcare supplier’s web site, app or printed supplies. If a QR code seems suspicious or comes from an unknown supply, sufferers mustn’t scan it.

Moreover, sufferers should take warning when sharing private information — like medical historical past or insurance coverage info — by means of a QR code. They need to solely present this info to trusted healthcare suppliers offering proof that info is transmitted securely and encrypted.

Andrea Fox is senior editor of Healthcare IT Information.
E mail: [email protected]
Healthcare IT Information is a HIMSS Media publication.