A recent article in Healthcare IT News discusses “visual hacking,” something we are perhaps not as conscious of as we should be. For example, someone standing near your desk may not even be facing your computer, but the eye can easily stray for just a moment, and if a patient’s name is visible . . . you’ve been hacked. Jessica Davis writes, “When the Ponemon Institute released its 2016 Global Visual Hacking Experiment, the research firm found that 91 percent of visual hacking attempts are successful.”
Also termed “shoulder surfing,” visual hacking occurs on desktop monitors, laptops, any kind of mobile device, and of course, paper records as well. Attacks are stealthy, occur quickly, and usually go undetected unless and until the information is used maliciously.
Davis interviewed Kate Borten, a Visual Privacy Advisory Council member and founder of The Marblehead Group. According to Borten, “Although training employees to protect against visual hacking is not required under HIPAA, CISOs and CIOs should not overlook the threat.”
Since so much hacking happens through IT systems, and given that visual hacking is not addressed by HIPAA, it’s easy to see why it can be overlooked.
There are some simple ways to address visual hacking, starting with educating staff about the problem. Borten suggests “walk-around audits” to identify areas of vulnerability. Angling screens away from doors, privacy filters, and screen savers all cut down on the opportunity for patient data to be visually hacked.